Grafana has released versions 6.7.4 and 7.0.2 to address a significant security vulnerability affecting all versions from 3.0.1 to 7.0.1: a Server-Side Request Forgery (SSRF) issue in the avatar feature that can be exploited without authentication. The flaw allows unauthorized users to make Grafana send HTTP requests to any URL, potentially exposing network information and enabling denial-of-service attacks. Grafana Cloud instances are already patched, and Grafana Enterprise customers received updates under embargo. Users are urged to upgrade immediately to the latest versions, or to mitigate the risk by blocking access to the vulnerable feature. The vulnerability, identified as CVE-2020-13379, was reported on May 14, 2020, after which it was quickly validated and a release plan was put in place to fix it. Grafana encourages reporting of any security vulnerabilities via its dedicated security email address and posts security announcements on its community site for ongoing updates.
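To apply the version ranges above across a fleet, the following added example (not Grafana's own code) classifies saved health-check responses against CVE-2020-13379. It assumes each response is JSON with a `version` field, as returned by Grafana's `/api/health` endpoint; the hostnames and sample bodies are constructed, and it assumes 6.7.x releases after 6.7.4 keep the fix.

```python
import json
import re

# Version boundaries as stated in the advisory summary above.
FIRST_AFFECTED = (3, 0, 1)
FIXED_6X = (6, 7, 4)  # fix released on the 6.7 line
FIXED_7X = (7, 0, 2)  # fix released on the 7.0 line


def parse_version(text):
    """Return (major, minor, patch); suffixes such as -beta1 are ignored."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.groups())


def classify(version_text):
    """Classify one Grafana version against CVE-2020-13379."""
    v = parse_version(version_text)
    if v < FIRST_AFFECTED:
        return "not-affected"
    if v >= FIXED_7X:
        return "patched"
    # Assumption: 6.7.x releases after 6.7.4 keep the fix.
    if v[:2] == FIXED_6X[:2] and v >= FIXED_6X:
        return "patched"
    return "affected"


def triage(inventory):
    """Map host -> status from saved health-check JSON bodies."""
    report = {}
    for host, body in inventory.items():
        try:
            report[host] = classify(str(json.loads(body)["version"]))
        except (ValueError, KeyError, TypeError):
            report[host] = "unknown"  # no usable version: check by hand
    return report


# Constructed sample data: hostnames and responses are made up.
SAMPLE = {
    "grafana-prod": '{"database": "ok", "version": "7.0.1"}',
    "grafana-lts": '{"database": "ok", "version": "6.7.4"}',
    "grafana-beta": '{"database": "ok", "version": "7.0.0-beta1"}',
    "grafana-old": '{"database": "ok", "version": "2.6.0"}',
    "grafana-odd": '{"database": "ok"}',
}
```

Calling `triage(SAMPLE)` marks `grafana-prod` and `grafana-beta` as affected; hosts reported as `unknown` returned no parseable version and need a manual check.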