Grafana 8.3.1, 8.2.7, 8.1.8, and 8.0.7 released with high severity security fix
Blog post from Grafana Labs
Grafana released versions 8.3.1, 8.2.7, 8.1.8, and 8.0.7 to fix a high severity vulnerability, CVE-2021-43798, a directory traversal issue that allows access to local files. It affects Grafana versions 8.0.0-beta1 through 8.3.0. Grafana Cloud is not impacted, owing to its defense-in-depth approach. Users of affected versions must upgrade immediately or use a reverse proxy to mitigate the risk. The announcement followed a timeline in which the vulnerability was leaked to the public, turning it into a zero-day, and Grafana responded rapidly by releasing the security fix. Grafana emphasizes the importance of reporting security issues to its dedicated email address and publishes regular security updates on its blog.