Author
Ieva Vasiļjeva
Word count
604
Language
English
Hacker News points
None

Summary

Grafana has released patch versions 10.3.3, 10.2.4, 10.1.7, 10.0.11, and 9.5.16 to address a medium severity vulnerability, CVE-2023-6152, in its basic authentication. With basic authentication enabled, a user could change their account's email address after registration, or use an email address as their login name, without that address ever being verified. Because the address is then already taken, the legitimate owner of that email can be prevented from signing up. Affected versions are Grafana 10.3.0 through 10.3.1, 10.2.0 through 10.2.3, 10.1.0 through 10.1.6, 10.0.0 through 10.0.10, and all versions older than 9.5.16. Users are advised to upgrade to the patched versions, or to disable basic authentication if another authentication mechanism is available. The issue was reported through Grafana's bug bounty program in November 2023, a fix was in place by January 2024, and the patches were released publicly in February 2024. Grafana Labs asks that security issues be reported through its dedicated security page and maintains a security blog with updates on vulnerabilities and fixes.
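The affected and patched version lists above are what a practitioner actually needs when triaging a fleet of Grafana instances. The following is an added example, not Grafana's own tooling or code from the original post: it encodes the ranges from the summary and checks a version string against them. It assumes Grafana's unauthenticated `/api/health` endpoint, whose JSON response carries a `version` field; the sample response embedded below is constructed for the example.

```python
import json
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# First fixed release per 10.x minor line, taken from the advisory summary.
# Any release in the same minor line that is older than its entry is affected.
PATCHED_10X = {
    (10, 3): (10, 3, 3),
    (10, 2): (10, 2, 4),
    (10, 1): (10, 1, 7),
    (10, 0): (10, 0, 11),
}
# The summary states that every version older than 9.5.16 is affected.
OLDEST_SAFE_9X: Version = (9, 5, 16)


def parse_version(text: str) -> Version:
    """Parse 'v10.3.1', '10.3.1-pre' or '10.3.1+security-01' into (10, 3, 1)."""
    s = text.strip().lstrip("v")
    for sep in ("-", "+"):          # drop pre-release and build metadata
        s = s.split(sep, 1)[0]
    parts = s.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised Grafana version: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def is_affected(version: str) -> bool:
    """True if this Grafana version falls in a CVE-2023-6152 affected range."""
    v = parse_version(version)
    line = (v[0], v[1])
    if line in PATCHED_10X:
        return v < PATCHED_10X[line]
    # 9.x and anything older: affected below 9.5.16.  Lines newer than the
    # ones listed (e.g. 10.4.x) shipped after the fix and are not affected.
    return v < OLDEST_SAFE_9X


def recommended_upgrade(version: str) -> Optional[str]:
    """Smallest patched release for an affected version, or None if not affected."""
    if not is_affected(version):
        return None
    v = parse_version(version)
    target = PATCHED_10X.get((v[0], v[1]), OLDEST_SAFE_9X)
    return ".".join(str(n) for n in target)


def triage_health_response(body: str) -> Tuple[str, bool, Optional[str]]:
    """Given the JSON body of GET /api/health, return (version, affected, upgrade_to)."""
    version = json.loads(body)["version"]
    return version, is_affected(version), recommended_upgrade(version)


if __name__ == "__main__":
    # Constructed sample of a Grafana /api/health response, not a captured one.
    sample = '{"commit": "abcdef0", "database": "ok", "version": "10.3.1"}'
    print(triage_health_response(sample))
```

Pair this with the other mitigation named in the summary: on instances that cannot be upgraded immediately, confirm whether basic authentication can be turned off (`enabled = false` under `[auth.basic]` in grafana.ini) because another login mechanism is already in use.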