Grafana (https://grafana.com/) is beginning to lose its innocence as it moves past its fledgling startup stage, with its widely popular Grafana panel and open source tools, to assume the problems of a multibillion-dollar tech company. Chief among its emerging concerns: security, of course, as attackers and data thieves find an increasingly attractive target in its user base of 10 million and growing.
A case in point: its 9.1.2 and Image Renderer 3.6.1 releases include a high-severity security fix for Grafana instances (https://thenewstack.io/will-grafana-become-easier-to-use-in-2022/) that use the Grafana Image Renderer plugin (https://nvd.nist.gov/vuln/detail/CVE-2022-31176).
The issue behind the high-severity security fix for Grafana instances using the Grafana Image Renderer plugin, issued with the most recent Grafana release, was discovered by an internal security researcher on August 11. Grafana says users running the Grafana Image Renderer plugin with HTTP remoting should upgrade both their Grafana installations and the Image Renderer plugin.