Grafana 7.5.15 and 8.3.5 released with moderate severity security fixes
Blog post from Grafana Labs
Grafana has released versions 8.3.5 and 7.5.15 to address medium-severity security vulnerabilities, including XSS, CSRF, and IDOR issues, affecting various versions of the software. The XSS vulnerability, CVE-2022-21702, could allow unauthorized data access through a compromised data source, while the CSRF vulnerability, CVE-2022-21703, enables privilege escalation through cross-origin attacks. The IDOR vulnerability, CVE-2022-21713, affects the Grafana Teams APIs and could expose data that was not intended to be accessible. Affected users are advised to upgrade their installations promptly; the patches have already been applied to Grafana Cloud, and notifications have been sent to cloud providers such as Amazon Managed Grafana. The vulnerabilities were responsibly disclosed by security researchers, and Grafana encourages further reporting of potential security issues through its designated communication channels.