On September 26, 2024, Grafana Labs released several patch versions of their software to address a medium severity security vulnerability, CVE-2024-8118, found in Grafana Alerting's data source rule write endpoints. This vulnerability, stemming from an incorrect RBAC action check, could allow unauthorized users to create, edit, and delete alert rules, potentially leading to unauthorized data access. The issue affects versions from 8.5.0 to 11.2.0, and users are strongly advised to upgrade to the patched versions. Grafana Labs has already applied the necessary patches to Grafana Cloud and recommends administrators audit permissions to mitigate any risks. The vulnerability was initially introduced in March 2022, discovered and reclassified in August 2024, and subsequently fixed with a public release in September 2024. Users are encouraged to report any security vulnerabilities they find, and Grafana Labs commits to keeping reporters informed about the progress towards resolving such issues.