Products Open Source Solutions Learn Docs Pricing

Downloads Contact us Sign in

Create free account Contact us

Products

Grafana Cloud

Monitor, analyze, and act faster with AI-powered observability.

Grafana Cloud overview

LGTM+ Stack

Logs

powered by Grafana Loki

Grafana

for visualization

Traces

powered by Grafana Tempo

Metrics

powered by Grafana Mimir and Prometheus

Key Capabilities

AI/ML insights

Identify anomalies and reduce toil

Contextual root cause analysis

Automated anomaly correlation

SLO management

Create SLOs and error budget alerts

Alerting

Trigger alerts from any data source

Plugins

Connect Grafana to data sources, apps, and more

Observability Solutions

Application Observability

Monitor application performance

Infrastructure observability

Ensure infrastructure health and performance

Testing

Performance testing

Powered by Grafana k6

Synthetic Monitoring

powered by Grafana k6

IRM

Incident response

Routine task automation for incidents

On-call management

Flexible on-call management

Open Source

Grafana Loki

Multi-tenant log aggregation system

Grafana

Query, visualize, and alert on data

Grafana Tempo

High-scale distributed tracing backend

Grafana Mimir

Scalable and performant metrics backend

Grafana Pyroscope

Scalable continuous profiling backend

Grafana Beyla

eBPF auto-instrumentation

Grafana Faro

Frontend application observability web SDK

Grafana Alloy

OpenTelemetry Collector distribution with Prometheus pipelines

Grafana k6

Load testing for engineering teams

Prometheus

Monitor Kubernetes and cloud native

OpenTelemetry

Instrument and collect telemetry data

Graphite

Scalable monitoring for time series data

All

Community resources

Dashboard templates

Try out and share prebuilt visualizations

Prometheus exporters

Get your metrics into Prometheus quickly

end-to-end solutions

Opinionated solutions that help you get there easier and faster

Kubernetes Monitoring

Get K8s health, performance, and cost monitoring from cluster to container

Application Observability

Monitor application performance

Frontend Observability

Gain real user monitoring insights

Incident Response & Management

Detect and respond to incidents with a simplified workflow

All monitoring and visualization solutions

monitor infrastructure

Out-of-the-box KPIs, dashboards, and alerts for observability

Microsoft Azure

All monitoring solutions

visualize any data

Instantly connect all your data sources to Grafana

All visualization solutions

Learn

Community and events

Events

Upcoming in-person and virtual events

ObservabilityCON 2025 (7-9 Oct)

Our flagship observability event

GrafanaCON 2025

Our annual OSS community conference

ObservabilityCON on the Road

Our observability conference on the road

Community

Join the Grafana community

Community forums

Ask the community for help

Resources

Blog

News, releases, cool stories, and more

4th annual Observability Survey

Share your thoughts on the state of observability

Benefits of Observability

New research, reports, and insights

Success stories

By use case, product, and industry

How-to

Documentation

All the docs

Webinars and videos

Demos, webinars, and feature tours

Tutorials

Step-by-step guides

Workshops

Free, in-person or online

Learning Journeys

Expert guidance for mastering our platform

Professional Services

Expert guidance and training

Grafana Cloud

Monitor, analyze, and act faster with AI-powered observability.

Grafana Cloud overview

LGTM+ Stack

Logs

Grafana

Traces

Metrics

Key Capabilities

AI/ML insights

Contextual root cause analysis

SLO management

Alerting

Plugins

Observability Solutions

Application Observability

Infrastructure observability

Testing

Performance testing

Synthetic Monitoring

IRM

Incident response

On-call management

The actually useful free plan

Grafana Cloud Free Tier

10k series Prometheus metrics

50GB logs, 50GB traces, 50GB profiles

500VUk k6 testing

20+ Enterprise data source plugins

100+ pre-built solutions

Grafana Loki

Multi-tenant log aggregation system

Grafana

Query, visualize, and alert on data

Grafana Tempo

High-scale distributed tracing backend

Grafana Mimir

Scalable and performant metrics backend

Grafana Pyroscope

Scalable continuous profiling backend

Grafana Beyla

eBPF auto-instrumentation

Grafana Faro

Frontend application observability web SDK

Grafana Alloy

OpenTelemetry Collector distribution with Prometheus pipelines

Grafana k6

Load testing for engineering teams

Prometheus

Monitor Kubernetes and cloud native

OpenTelemetry

Instrument and collect telemetry data

Graphite

Scalable monitoring for time series data

Community resources

Dashboard templates

Try out and share prebuilt visualizations

Prometheus exporters

Get your metrics into Prometheus quickly

end-to-end solutions

Opinionated solutions that help you get there easier and faster

Kubernetes Monitoring

Get K8s health, performance, and cost monitoring from cluster to container

Application Observability

Monitor application performance

Frontend Observability

Gain real user monitoring insights

Incident Response & Management

Detect and respond to incidents with a simplified workflow

monitor infrastructure

Out-of-the-box KPIs, dashboards, and alerts for observability

Microsoft Azure

visualize any data

Instantly connect all your data sources to Grafana

All monitoring and visualization solutions

Community and events

Events

ObservabilityCON 2025 (7-9 Oct)

GrafanaCON 2025

ObservabilityCON on the Road

Community

Community forums

Resources

Blog

4th annual Observability Survey

Benefits of Observability

Success stories

How-to

Documentation

Webinars and videos

Tutorials

Workshops

Learning Journeys

Professional Services

Featured webinar

Getting started with grafana LGTM stack

Getting started with managing your metrics, logs, and traces using Grafana

Learn how to unify, correlate, and visualize data with dashboards using Grafana.

Grafana alerting wrong permission on datasource rule write endpoint

Medium

Advisory ID:	CVE-2024-8118
Published:	2024-09-26
Product:	Grafana
CVSS Score:	5.1
CVSS Vector:	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Fixed Versions:	>=11.2.1 >=11.1.6 >=11.0.5 >=10.4.9 >=10.3.10

Summary

In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing users with permission to write external alert instances to also write alert rules.

This vulnerability first appeared in Grafana v8.5.0, and is fixed in v11.2.1, v11.1.6, v11.0.5, v10.4.9, and v10.3.10.