Grafana security release: Medium severity security fix for CVE-2024-1442
Blog post from Grafana Labs
Grafana Labs has released several updates, including Grafana 10.4, to address CVE-2024-1442, a medium-severity security vulnerability in Grafana's access control system. The vulnerability is a data source permission escalation: because of a lack of UID validation, users with permission to create data sources can potentially gain unauthorized access to all data sources within their organization. The issue impacts specific versions of Grafana Enterprise and Grafana Cloud. Users are advised to upgrade to a patched version and to ensure that only trusted users have permission to create data sources. Grafana Labs has coordinated with cloud providers like Amazon and Azure to secure their offerings and has provided detailed timelines and solutions for mitigation. Grafana Labs emphasizes responsible disclosure of vulnerabilities, offers channels for reporting security issues, and maintains an updated security blog for public announcements.