Grafana Labs released updates for Grafana Agent versions 0.20.1 and 0.21.2 to address a security vulnerability identified internally, designated CVE-2021-41090, which had a CVSS score of 7.2 and involved the exposure of inline secrets in plaintext through certain API endpoints. Although there was no evidence of exploitation, users were urged to upgrade and change any impacted secrets. The vulnerability affected inline secrets used in configurations, such as API keys and passwords, exposing them through the /-/config and /agent/api/v1/configs/{name} endpoints. The updates obscure these secrets and disable the vulnerable endpoints by default as a precautionary measure, with the option to re-enable them post-patching. Grafana Labs provided guidance for users to secure their systems, including updating API keys, while also advising on general security practices such as using minimally permissive secrets and properly managing API keys across their systems.