
Grafana 8.2.3 released with medium severity security fix: CVE-2021-41174 Grafana XSS

Blog post from Grafana Labs

Author: Daniel Lee
Language: English
Word count: 869
Summary

Grafana 8.2.3 has been released to address a medium-severity cross-site scripting (XSS) vulnerability, tracked as CVE-2021-41174, which affects all versions from 8.0.0-beta1 through 8.2.2. The vulnerability could allow an attacker to execute arbitrary JavaScript when an unauthenticated user visits a malicious URL, specifically on pages that display a login button. Grafana Cloud instances have already been patched, and updated binaries were provided to Grafana Enterprise customers under embargo. Users are advised to upgrade to the patched version or, where that is not immediately possible, to apply a workaround such as blocking specific URL patterns in front of Grafana. An audit found no evidence of exploitation on Grafana Cloud instances, and the post sets out the timeline of actions taken from discovery through public disclosure. Security vulnerabilities should be reported to Grafana via their designated security email address, and future advisories are published through their Security Announcements RSS feed.