Grafana security releases: New versions with fixes for CVE-2022-39229, CVE-2022-39201, CVE-2022-31130, CVE-2022-31123

Blog post from Grafana Labs

Post Details
Company: Grafana Labs
Author: Vardan Torosyan
Word Count: 820
Language: English
Hacker News Points: -
Summary

On October 11, Grafana released version 9.2.0, which includes new features, bug fixes, and critical security patches for vulnerabilities identified as CVE-2022-39229, CVE-2022-39201, CVE-2022-31130, and CVE-2022-31123. These security issues, discovered through internal audits and external research, affect various versions of Grafana and involve problems such as improper authentication, data source and plugin proxy endpoint vulnerabilities, and plugin signature bypass. Grafana Labs has released corresponding security patches for versions 9.1.8 and 8.5.14, and has coordinated with cloud providers like Amazon and Azure to ensure their managed services remain secure. Users are advised to upgrade their Grafana instances to the latest versions where the patches have been applied. Further security communications are published on Grafana's blog, and users can report vulnerabilities via email, using PGP encryption for confidentiality.