Grafana 8.3.2 and 7.5.12 released with moderate severity security fix
Blog post from Grafana Labs
Grafana has released versions 8.3.2 and 7.5.12 to fix two moderate-severity directory traversal vulnerabilities, CVE-2021-43813 and CVE-2021-43815, which affect .md and .csv files. Both are restricted in scope: they are only accessible by authenticated users, and they involve specific configurations such as the TestData DB data source for .csv files. Grafana Cloud was never at risk due to a defense-in-depth approach. The company advises upgrading affected installations or applying mitigations such as using a reverse proxy to handle URL encoding. The announcement follows a patch for the high-severity CVE-2021-43798, and Grafana commits to ongoing security improvements. Users are encouraged to report vulnerabilities via secure channels and can find updates on Grafana's blog.
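
The URL-encoding mitigation mentioned above depends on decoding a request path before checking it for `..` segments. The sketch below is an added example, not code from Grafana or its blog post: it applies that check to access-log entries. The log format, the sample paths and the three-round decode limit are assumptions made for illustration.

```python
from urllib.parse import unquote

MAX_DECODE_ROUNDS = 3  # assumption: covers single, double and triple encoding


def decode_path(raw_path):
    """Percent-decode until stable; return (path, fully_decoded)."""
    path = raw_path
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(path)
        if decoded == path:
            return path, True
        path = decoded
    # Still decodable after the limit: report it as not fully decoded.
    return path, unquote(path) == path


def is_traversal(raw_path):
    """True if the request path resolves to a '..' segment once decoded."""
    path, stable = decode_path(raw_path.split("?", 1)[0])  # ignore query string
    if not stable:
        return True  # deeper nesting than expected is itself suspicious
    segments = path.replace("\\", "/").split("/")
    return ".." in segments


def flag_requests(log_lines):
    """Return the raw paths of log entries whose path contains traversal."""
    flagged = []
    for line in log_lines:
        fields = line.split()
        if len(fields) >= 2 and is_traversal(fields[1]):
            flagged.append(fields[1])
    return flagged


# Constructed sample entries in a simplified "METHOD PATH STATUS" format.
SAMPLE_LOG = [
    "GET /public/img/logo.png 200",
    "GET /docs/%2e%2e/%2e%2e/notes.md 200",
    "GET /files/report..v2.csv 200",
    "GET /docs/%252e%252e%252fdata.csv 200",
    "GET /search?q=.. 200",
]

if __name__ == "__main__":
    for path in flag_requests(SAMPLE_LOG):
        print("traversal in request path:", path)
```

A file name that merely contains two dots (`report..v2.csv`) and a `..` in the query string are not flagged, because the check looks at whole path segments only.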