Grafana has released new versions, including Grafana 9.1.2 and Grafana Image Renderer 3.6.1, to address a high-severity security vulnerability identified as CVE-2022-31176, which poses a risk of unauthorized file disclosure when the Grafana Image Renderer plugin is used with HTTP remote rendering. This vulnerability, discovered during an internal security review on July 21, 2022, has a CVSS score of 8.3 and could allow malicious users to access unauthorized files under certain conditions. To mitigate the risk, users are advised to upgrade their Grafana installations and the Image Renderer plugin, configure strong security tokens, and restart their systems. The issue has been addressed in all affected versions, with patches applied to Grafana Cloud and coordination with cloud providers to ensure security. Grafana also encourages reporting any security vulnerabilities through their designated email, offering a PGP key for encryption.