Grafana has released versions 8.3.2 and 7.5.12 to address a moderate severity security vulnerability involving directory traversal that affects authenticated users' access to arbitrary .md and .csv files, identified as CVE-2021-43813 and CVE-2021-43815, respectively. The vulnerabilities affect versions 5.0.0 to 8.3.1 and 8.0.0-beta3 to 8.3.1, with the CSV vulnerability requiring the TestData DB data source to be enabled. Grafana Cloud was not at risk due to its defense-in-depth strategy. The company has prioritized security by investing in further assessments and encouraged users to upgrade their installations or implement mitigation strategies such as using a reverse proxy. The issues were disclosed responsibly by GitHub Security Labs, and Grafana is committed to maintaining transparency through its security announcements and blog updates.