Create free account Contact us

Products

LGTM+ Stack

Logs

powered by Grafana Loki

Grafana

for visualization

Traces

powered by Grafana Tempo

Metrics

powered by Grafana Mimir and Prometheus

Profiles

powered by Grafana Pyroscope

Key Capabilities

AI/ML insights

Identify anomalies and reduce toil

Contextual root cause analysis

Automated anomaly correlation

SLO management

Create SLOs and error budget alerts

Alerting

Trigger alerts from any data source

Plugins

Connect Grafana to data sources, apps, and more

Observability Solutions

Frontend Observability

Gain real user monitoring insights

Application Observability

Monitor application performance

Infrastructure observability

Ensure infrastructure health and performance

Testing

Performance & load testing

powered by Grafana k6

Synthetic Monitoring

powered by Grafana k6

IRM

OnCall

Observability native incident response

Incident

Observability native incident management

Deploy The Stack

Grafana Cloud

Fully managed

Grafana Enterprise

Self-managed

Pricing

Hint: It starts at FREE

Open Source

Grafana Loki

Multi-tenant log aggregation system

Grafana

Query, visualize, and alert on data

Grafana Tempo

High-scale distributed tracing backend

Grafana Mimir

Scalable and performant metrics backend

Grafana Pyroscope

Scalable continuous profiling backend

Grafana Beyla

eBPF auto-instrumentation

Grafana Faro

Frontend application observability web SDK

Grafana Alloy

OpenTelemetry Collector distribution with Prometheus pipelines

Grafana OnCall

On-call management

Grafana k6

Load testing for engineering teams

Prometheus

Monitor Kubernetes and cloud native

OpenTelemetry

Instrument and collect telemetry data

Graphite

Scalable monitoring for time series data

All

Community resources

Dashboard templates

Try out and share prebuilt visualizations

Prometheus exporters

Get your metrics into Prometheus quickly

end-to-end solutions

Opinionated solutions that help you get there easier and faster

Kubernetes Monitoring

Get K8s health, performance, and cost monitoring from cluster to container

Application Observability

Monitor application performance

Frontend Observability

Gain real user monitoring insights

Incident Response & Management

Detect and respond to incidents with a simplified workflow

All monitoring and visualization solutions

monitor infrastructure

Out-of-the-box KPIs, dashboards, and alerts for observability

linux server logo
Linux
windows logo
Windows
docker logo
Docker
postgresql logo
Postgres
mysql logo
MySQL
aws logo
AWS
kafka logo
Kafka
jenkins logo
Jenkins
rabbitmq logo
RabbitMQ
mongodb logo
MongoDB
All monitoring solutions

visualize any data

Instantly connect all your data sources to Grafana

mongodb logo
MongoDB
appdynamics logo
AppDynamics
oracle database logo
Oracle
gitlab logo
GitLab
jira logo
Jira
salesforce logo
Salesforce
splunk logo
Splunk
datadog logo
Datadog
new relic logo
New Relic
snowflake logo
Snowflake
All visualization solutions

Learn

Stay up to date

ObservabilityCON

Annual flagship observability conference

ObservabilityCON on the Road

Observability roadshow series

Blog

News, releases, cool stories, and more

Observability Survey 2024

Key findings and results

New

Story of Grafana

10 years of Grafana

Events

Upcoming in-person and virtual events

Success stories

By use case, product, and industry

Technical learning

Documentation

All the docs

Webinars and videos

Demos, webinars, and feature tours

Tutorials

Step-by-step guides

Workshops

Free, in-person or online

Writers' Toolkit

Contribute to technical documentation provided by Grafana Labs

Plugin development

Visit the Grafana developer portal for tools and resources for extending Grafana with plugins.

new

Join the community

Community

Join the Grafana community

new

Community forums

Ask the community for help

Community Slack

Real-time engagement

Grafana Champions

Contribute to the community

new

Community organizers

Host local meetups

new

Docs

Grafana

Grafana Mimir

Grafana Tempo

Grafana Loki

Grafana Pyroscope

Grafana Alloy

Grafana Beyla

Grafana Faro

Grafana k6

Prometheus

Writers’ Toolkit

Grafana Cloud

Grafana Cloud k6

Synthetic Monitoring

Grafana Kubernetes Monitoring

Grafana OnCall

Grafana Incident

Grafana SLO

Grafana Alerting

Grafana Machine Learning

Application Observability

Grafana Enterprise

Grafana Enterprise Logs

Grafana Enterprise Metrics

Grafana Enterprise Traces

Grafana plugins

Community plugins

Visit documentation

Get started

Get started with Grafana

Build your first dashboard

Get started with Grafana Cloud

What's new / Release notes

Grafana: 11.3
Grafana k6: 0.54
Grafana Loki: 3.2
Grafana Mimir: 2.14
Grafana Pyroscope: 1.8
Grafana Tempo: 2.6

Company

Our team
Careers We're hiring
Events
Partnerships
Newsroom
Contact us
Merch

Help build the future of open source observability software Open positions

Check out the open source projects we support Downloads

Sign in

LGTM+ Stack

Grafana Cloud Logs

Logs

powered by Grafana Loki

Grafana

Grafana

for visualization

Grafana Cloud Traces

Traces

powered by Grafana Tempo

Grafana Cloud Metrics

Metrics

powered by Grafana Mimir and Prometheus

Grafana Cloud Profiles

Profiles

powered by Grafana Pyroscope

Key Capabilities

AI/ML

AI/ML insights

Identify anomalies and reduce toil

Grafana Cloud Asserts

Contextual root cause analysis

Automated anomaly correlation

Grafana SLO

SLO management

Create SLOs and error budget alerts

Grafana Alerting

Alerting

Trigger alerts from any data source

Plugins

Plugins

Connect Grafana to data sources, apps, and more

Observability Solutions

Frontend Observability

Frontend Observability

Gain real user monitoring insights

Application Observability

Application Observability

Monitor application performance

Infrastructure Observability

Infrastructure observability

Ensure infrastructure health and performance

Testing

Grafana Cloud k6

Performance & load testing

powered by Grafana k6

Synthetic Monitoring

Synthetic Monitoring

powered by Grafana k6

IRM

Grafana Cloud OnCall

OnCall

Observability native incident response

Grafana Incident

Incident

Observability native incident management

Deploy The Stack

Grafana Cloud

Grafana Cloud

Fully managed

Grafana

Grafana Enterprise

Self-managed

Pricing

Pricing

Hint: It starts at FREE

The actually useful free plan
  • Grafana, of course
  • 14 day retention
  • 10k series Prometheus metrics
  • 500 VUh k6 testing
  • 50 GB logs, traces, and profiles
  • 50k frontend sessions
  • 2,232 app o11y host hours
  • 2,232 k8s monitoring host hours
  • 37,944 k8s monitoring container hours
  • and more cool stuff
Create free account No credit card needed, ever.
Grafana Cloud Logs

Grafana Loki

Multi-tenant log aggregation system

Grafana

Grafana

Query, visualize, and alert on data

Grafana Cloud Traces

Grafana Tempo

High-scale distributed tracing backend

Grafana Cloud Metrics

Grafana Mimir

Scalable and performant metrics backend

Grafana Cloud Profiles

Grafana Pyroscope

Scalable continuous profiling backend

Grafana Beyla

eBPF auto-instrumentation

Grafana Faro

Grafana Faro

Frontend application observability web SDK

Grafana Alloy

Grafana Alloy

OpenTelemetry Collector distribution with Prometheus pipelines

Grafana Cloud OnCall

Grafana OnCall

On-call management

Grafana Cloud k6

Grafana k6

Load testing for engineering teams

Prometheus

Prometheus

Monitor Kubernetes and cloud native

OpenTelemetry

OpenTelemetry

Instrument and collect telemetry data

Graphite

Graphite

Scalable monitoring for time series data

All

Community resources

Dashboard templates
Try out and share prebuilt visualizations
Prometheus exporters
Get your metrics into Prometheus quickly

end-to-end solutions

Opinionated solutions that help you get there easier and faster

Kubernetes Monitoring

Kubernetes Monitoring

Get K8s health, performance, and cost monitoring from cluster to container

Application Observability

Application Observability

Monitor application performance

Frontend Observability

Frontend Observability

Gain real user monitoring insights

Incident Response & Management

Incident Response & Management

Detect and respond to incidents with a simplified workflow

monitor infrastructure

Out-of-the-box KPIs, dashboards, and alerts for observability

linux server logo Linux
windows logo Windows
docker logo Docker
postgresql logo Postgres
mysql logo MySQL
aws logo AWS
kafka logo Kafka
jenkins logo Jenkins
rabbitmq logo RabbitMQ
mongodb logo MongoDB

visualize any data

Instantly connect all your data sources to Grafana

mongodb logo MongoDB
appdynamics logo AppDynamics
oracle database logo Oracle
gitlab logo GitLab
jira logo Jira
salesforce logo Salesforce
splunk logo Splunk
datadog logo Datadog
new relic logo New Relic
snowflake logo Snowflake
All monitoring and visualization solutions

Stay up to date

ObservabilityCON

Annual flagship observability conference

ObservabilityCON on the Road

Observability roadshow series

Blog

News, releases, cool stories, and more

Observability Survey 2024

Key findings and results

New

Story of Grafana

10 years of Grafana

Events

Upcoming in-person and virtual events

Success stories

By use case, product, and industry

Technical learning

Documentation

All the docs

Webinars and videos

Demos, webinars, and feature tours

Tutorials

Step-by-step guides

Workshops

Free, in-person or online

Writers' Toolkit

Contribute to technical documentation provided by Grafana Labs

Plugin development

Visit the Grafana developer portal for tools and resources for extending Grafana with plugins.

new

Join the community

Community

Join the Grafana community

new

Community forums

Ask the community for help

Community Slack

Real-time engagement

Grafana Champions

Contribute to the community

new

Community organizers

Host local meetups

new

Featured

Getting started with grafana LGTM stack

Getting started with the Grafana LGTM Stack

We’ll demo how to get started using the LGTM Stack: Loki for logs, Grafana for visualization, Tempo for traces, and Mimir for metrics.

Watch now →

Open source

Grafana

Grafana

Grafana Cloud Metrics

Grafana Mimir

Grafana Cloud Traces

Grafana Tempo

Grafana Cloud Logs

Grafana Loki

Grafana Cloud Profiles

Grafana Pyroscope

Grafana Alloy

Grafana Alloy

Grafana Beyla

Grafana Faro

Grafana Faro

Grafana Cloud k6

Grafana k6

Prometheus

Prometheus

Writers Toolkit

Writers’ Toolkit

Cloud

Grafana Cloud

Grafana Cloud

Grafana Cloud k6

Grafana Cloud k6

Synthetic Monitoring

Synthetic Monitoring

Kubernetes monitoring

Grafana Kubernetes Monitoring

Grafana Cloud OnCall

Grafana OnCall

Grafana Incident

Grafana Incident

Grafana SLO

Grafana SLO

Grafana Alerting

Grafana Alerting

AI/ML

Grafana Machine Learning

Application Observability

Application Observability

Enterprise

Grafana

Grafana Enterprise

Grafana Cloud Logs

Grafana Enterprise Logs

Grafana Cloud Metrics

Grafana Enterprise Metrics

Grafana Cloud Traces

Grafana Enterprise Traces

Plugins

Grafana plugins

Plugins Community

Community plugins

Visit documentation

Get started

Get started with Grafana

Build your first dashboard

Get started with Grafana Cloud

What's new / Release notes

Grafana: 11.3
Grafana k6: 0.54
Grafana Loki: 3.2
Grafana Mimir: 2.14
Grafana Pyroscope: 1.8
Grafana Tempo: 2.6
Our team
Careers We're hiring
Events
Partnerships
Newsroom
Contact us
Merch

We cannot remember your choice unless you click the consent notice at the bottom.

Grafana 8.2.4 released with security fixes

Grafana 8.2.4 released with security fixes

Vardan Torosyan
2021-11-15 2 min

Today we are releasing Grafana 8.2.4. This patch release includes security fixes that affect Grafana versions 8.0.0 through 8.2.3.

The vulnerability only affects Grafana instances where fine-grained access control beta is enabled, and there is more than one organization in the Grafana instance. If you are not affected by this, you can skip this update.

Release v8.2.4, only containing a security fix:

Incorrect Access Control (CVE-2021-41244)

Summary

On Nov. 2, during an internal security audit, we discovered that when the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance, Grafana 8.0 introduced a mechanism which allowed users with the Organization Admin role to list, add, remove, and update users’ roles in other organizations in which they are not an admin.

Affected versions with high severity

Grafana 8.0 to 8.2.3

Solutions and mitigations

All installations between v8.0 and v8.2.3 that have fine-grained access control beta enabled and more than one organization should be upgraded as soon as possible. If you cannot upgrade, you should turn off the fine-grained access control using a feature flag.

Grafana Cloud instances have not been affected by the vulnerability.

Reporting security issues

If you think you have found a security vulnerability, please send a report to security@grafana.com. This address can be used for all of Grafana Labs’ open source and commercial products (including, but not limited to Grafana, Grafana Cloud, Grafana Enterprise, and grafana.com). We can accept only vulnerability reports at this address. We would prefer that you encrypt your message to us by using our PGP key. The key fingerprint is

F988 7BEA 027A 049F AE8E 5CAA D125 8932 BE24 C5CA

The key is available from keyserver.ubuntu.com.

Security announcements

We maintain a security category on our blog, where we will always post a summary, remediation, and mitigation details for any patch containing security fixes.

You can also subscribe to our RSS feed.

Tags

Security

Release

Grafana Cloud

Grafana

On this page
Scroll for more

Related content