Author: Tim Levett
Word count: 388
Language: English

Summary

Grafana Labs has released Grafana 8.3.4 and 7.5.13 to fix CVE-2022-21673, a vulnerability affecting installations that use OAuth identity forwarding (a datasource option introduced in Grafana 7.2) together with API keys. When a request to such a datasource is authenticated with an API key, affected versions forward the OAuth access token of the most recently signed-in user instead of honouring the supplied API token, so the backing datasource receives a different identity than the caller intended. The issue is rated low severity under CVSS, but Grafana Labs recommends that users of affected versions upgrade to the fixed releases. Where upgrading is not feasible, the suggested mitigation is to limit the availability of API tokens. Grafana Labs credits Mikko Auvinen with reporting the issue and asks that vulnerabilities be disclosed responsibly through its dedicated security email channel, preferably using encrypted communication. Security updates and vulnerability details are published on Grafana's blog, which offers an RSS feed for subscribers.
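A practitioner reading this wants to know whether their own instance is in the window described above: a version between the feature's introduction in 7.2 and the fixes in 7.5.13 / 8.3.4, with at least one datasource that forwards OAuth identity and API keys in use. The following is an added example, not code from Grafana Labs or the advisory. It derives the affected version range from the facts on the page and assumes (this is an assumption, not stated here) that the "Forward OAuth Identity" datasource option appears as `jsonData.oauthPassThru` in the output of Grafana's `/api/datasources` endpoint, which is the key Grafana uses for that option in provisioning files. The datasource list is constructed inline so the check runs offline.

```python
"""Added example (not Grafana's code): audit an exported datasource list
for exposure to CVE-2022-21673.

Assumptions not stated on the page:
- Forward OAuth Identity is exposed as jsonData.oauthPassThru in the
  /api/datasources JSON (matches Grafana's provisioning key).
- SAMPLE_DATASOURCES below is constructed for this example.
"""
import json
import re

# Affected window derived from the advisory: the feature arrived in 7.2,
# the fix shipped in 7.5.13 on the 7.x line and 8.3.4 on the 8.x line.
INTRODUCED = (7, 2, 0)
FIXED = {7: (7, 5, 13), 8: (8, 3, 4)}


def parse_version(text):
    """Turn 'v8.3.3' or '8.3.3-beta1' into a (major, minor, patch) tuple."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised Grafana version: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(version):
    """True when this Grafana version falls inside the vulnerable window."""
    v = parse_version(version)
    if v < INTRODUCED:
        return False            # feature did not exist yet
    fixed = FIXED.get(v[0])
    if fixed is None:
        return False            # 9.x and later were released after the fix
    return v < fixed


# Constructed sample of what GET /api/datasources returns (assumption).
SAMPLE_DATASOURCES = json.loads("""
[
  {"id": 1, "name": "prom-main", "type": "prometheus",
   "jsonData": {"oauthPassThru": true}},
  {"id": 2, "name": "loki-logs", "type": "loki",
   "jsonData": {"oauthPassThru": false}},
  {"id": 3, "name": "tempo",     "type": "tempo",
   "jsonData": {}}
]
""")


def forwarding_datasources(datasources):
    """Names of datasources that forward the caller's OAuth identity."""
    return [
        ds["name"]
        for ds in datasources
        if ds.get("jsonData", {}).get("oauthPassThru") is True
    ]


def assess(version, datasources, api_keys_exist=True):
    """Combine the three conditions the advisory names.

    The instance is exposed only when all hold: the version is in the
    affected window, at least one datasource forwards OAuth identity, and
    API keys exist that could be used against such a datasource.  The
    api_keys_exist flag stands in for a check of /api/auth/keys.
    """
    affected = is_affected(version)
    forwarding = forwarding_datasources(datasources)
    return {
        "version_affected": affected,
        "forwarding": forwarding,
        "exposed": affected and bool(forwarding) and api_keys_exist,
    }


if __name__ == "__main__":
    for ver in ("7.1.5", "7.2.0", "7.5.12", "7.5.13", "8.3.3", "8.3.4"):
        print(ver, assess(ver, SAMPLE_DATASOURCES))
```

If `exposed` is true and upgrading is not possible, the mitigation on the page applies: reduce the set of API keys (and who can create them) so that no key can reach a forwarding datasource, or turn off Forward OAuth Identity on those datasources until the upgrade.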