Grafana 7.5.15 and 8.3.5 released with moderate severity security fixes

Grafana released versions 8.3.5 and 7.5.15 to address multiple moderate severity security vulnerabilities, including cross-site scripting (XSS), cross-site request forgery (CSRF), and insecure direct object reference (IDOR) issues. The updates are crucial for users running affected versions, which span from v2.0.0-beta1 to v8.3.4 and beyond, depending on the specific vulnerability. These vulnerabilities were responsibly disclosed by security researchers, leading to the implementation of necessary patches in Grafana Cloud and coordinated updates with cloud providers like Amazon Managed Grafana. Users are advised to upgrade their installations to mitigate potential risks, while Grafana Labs encourages reporting of any further security vulnerabilities through their dedicated channels. The company maintains a security blog where updates and mitigation details are posted, and users can subscribe for alerts.