Grafana has released versions 9.3.4 and 9.2.10 to address several security vulnerabilities, including CVE-2022-23552, CVE-2022-41912, and CVE-2022-39324. CVE-2022-23552 involves a stored XSS vulnerability in the Geomap and Canvas plugins, which can be exploited by users with Editor roles to execute arbitrary JavaScript in dashboards. CVE-2022-41912 pertains to a SAML privilege escalation issue in Grafana Enterprise, where unsigned assertions in SAML responses could be misinterpreted as signed, potentially allowing unauthorized access. CVE-2022-39324 involves the spoofing of the originalUrl parameter in snapshot functionality, which could mislead users by redirecting them to malicious URLs. Patches have been applied to Grafana Cloud, and users are advised to upgrade their instances to mitigate these risks. Security vulnerabilities can be reported to Grafana Labs via an encrypted message using their PGP key.
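For the originalUrl issue (CVE-2022-39324), a defender can audit stored snapshots for links that point away from their own Grafana instance. The following is an added example, not code from Grafana Labs. It assumes each exported snapshot record keeps the link at `dashboard.snapshot.originalUrl`; the hostnames, the sample records and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    """Return (scheme, host, port) for an http(s) URL, or None if it is not one."""
    try:
        parts = urlsplit(url.strip())
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    return (scheme, parts.hostname.lower(), port or DEFAULT_PORTS[scheme])

def audit_snapshots(snapshots, trusted_base):
    """List (snapshot key, originalUrl, reason) for links that leave trusted_base."""
    trusted = origin(trusted_base)
    if trusted is None:
        raise ValueError("trusted_base must be an absolute http(s) URL")
    findings = []
    for snap in snapshots:
        # Assumed layout: the link is stored at dashboard.snapshot.originalUrl.
        meta = (snap.get("dashboard") or {}).get("snapshot") or {}
        url = meta.get("originalUrl")
        if not isinstance(url, str) or not url:
            continue
        got = origin(url)
        if got is None:
            findings.append((snap.get("key"), url, "not an absolute http(s) URL"))
        elif got != trusted:
            # Covers other hosts, other ports and userinfo tricks (trusted@other-host).
            findings.append((snap.get("key"), url, "origin differs from trusted base"))
    return findings

# Constructed sample records (not real Grafana output).
SAMPLE = [
    {"key": "a1", "dashboard": {"snapshot": {"originalUrl": "https://grafana.example.internal/d/abc/cpu"}}},
    {"key": "b2", "dashboard": {"snapshot": {"originalUrl": "https://grafana.example.internal@other.example/d/abc"}}},
    {"key": "c3", "dashboard": {"snapshot": {"originalUrl": "javascript:void(0)"}}},
    {"key": "d4", "dashboard": {"snapshot": {"originalUrl": "https://grafana.example.internal:8443/d/abc"}}},
    {"key": "e5", "dashboard": {"title": "no snapshot metadata"}},
]

if __name__ == "__main__":
    for key, url, reason in audit_snapshots(SAMPLE, "https://grafana.example.internal"):
        print(f"{key}: {reason}: {url}")
```

Comparing the parsed origin rather than matching a string prefix is what catches the `trusted@other-host` form, where the trusted name is only the userinfo part of the URL.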