Grafana Enterprise 8.5.3 and 7.5.16 released with moderate severity security fix
Blog post from Grafana Labs
Grafana Enterprise has released versions 8.5.3 and 7.5.16 to address a moderate severity security vulnerability, identified as CVE-2022-29170, which affects versions from 7.4.0-beta1 to 8.5.2. A malicious data source could answer a request with an HTTP redirect to a host that the request security configuration forbids, and because the redirect target was not re-checked against that configuration, the restriction could be bypassed and a forbidden host reached. The issue was discovered during an internal audit on May 2, 2022, leading to a coordinated private and public patch release with cloud providers such as Amazon Managed Grafana and Azure Managed Grafana. Grafana OSS and Grafana Cloud are not impacted. Users running affected versions are advised to upgrade promptly, and any security vulnerabilities should be reported securely to Grafana Labs.
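The defensive pattern behind this class of bug, shown as an added example in Go (Grafana's implementation language) that is not Grafana's own code: a host policy must be applied not only to the first request URL but to every redirect hop, which Go's `http.Client` exposes through `CheckRedirect`. The `HostPolicy` type and its fields are assumed for illustration and do not reproduce Grafana's request security configuration format.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/url"
)

// HostPolicy is an illustrative (assumed, not Grafana's) request-security policy:
// a host deny list plus an option to refuse loopback/private/link-local IP literals.
type HostPolicy struct {
	DeniedHosts map[string]bool
	DenyPrivate bool
}

// Allowed checks one URL; it must run for the initial request and for every redirect.
func (p HostPolicy) Allowed(u *url.URL) error {
	host := u.Hostname()
	ip := net.ParseIP(host)
	private := ip != nil && (ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast())
	if p.DeniedHosts[host] || (p.DenyPrivate && private) {
		return fmt.Errorf("host %q forbidden by request security policy", host)
	}
	return nil
}

// NewClient builds an http.Client whose CheckRedirect re-validates every hop, so a
// redirect answered by a data source cannot escape the policy (the vulnerable pattern checks only the first URL).
func (p HostPolicy) NewClient() *http.Client {
	return &http.Client{CheckRedirect: func(req *http.Request, via []*http.Request) error {
		if len(via) >= 10 {
			return fmt.Errorf("stopped after %d redirects", len(via))
		}
		return p.Allowed(req.URL)
	}}
}

// CheckRedirectTarget resolves a Location value against the source URL and applies the policy offline.
func (p HostPolicy) CheckRedirectTarget(src, location string) error {
	base, err := url.Parse(src)
	if err != nil {
		return err
	}
	loc, err := base.Parse(location) // resolves relative redirects like "/path"
	if err != nil {
		return err
	}
	return p.Allowed(loc)
}
```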