
Grafana 8.3.4 and 7.5.13 released with important security fix

Blog post from Grafana Labs

Post Details
Author: Tim Levett
Word Count: 395
Language: English
Summary

Grafana has released versions 8.3.4 and 7.5.13, addressing a security vulnerability related to OAuth forwarding for data sources when API keys are used, which affects Grafana installations from version 7.5.x to 8.x. This issue, identified by Mikko Auvinen and classified as CVSS low, allows the OAuth Access Token of the most recently signed-in user to be used instead of the API token when forwarding is enabled, leading to unexpected behavior. Grafana recommends upgrading to these latest versions to resolve the issue, or alternatively, limiting the availability of API tokens if upgrading is not possible. The company acknowledges Auvinen's responsible disclosure and encourages reporting any security vulnerabilities via their dedicated email, with encryption preferred. Security announcements and mitigations are regularly updated on their blog and can be accessed through an RSS feed.