Grafana OSS 11.5.2 Container Image Contains High-Severity Vulnerability CVE-2024-12797
A high-severity vulnerability, CVE-2024-12797, has been identified within the official `grafana/grafana-oss:11.5.2` container image. The flaw was detected during a routine security scan using the Trivy tool, raising immediate concerns for teams deploying this specific version of the popular open-source analytics platform. This discovery signals a critical lapse in the security posture of a foundational component for monitoring and observability stacks, putting production environments at potential risk.
The vulnerability lives in the container's underlying operating system, identified as Alpine Linux 3.20.5. It does not concern a Grafana dashboard panel or a specific datasource; it originates in the operating-system packages of the image's base layer. Reproducing the finding is straightforward: scanning the `grafana/grafana-oss:11.5.2` image with Trivy confirms the presence of the high-severity CVE. The vulnerability was therefore introduced when the container was built, so even a clean installation of the platform is affected.
This incident places significant pressure on Grafana Labs and its security processes, as a tagged release in a core product line ships with a known high-severity flaw. For organizations relying on this container image, the finding necessitates urgent action, including image patching or version upgrades, to mitigate potential exploitation. The event also prompts broader scrutiny of the software supply chain for containerized applications, where base image vulnerabilities can silently propagate into production systems.
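As an added illustration (not code from Grafana Labs or the Trivy project), the following Python script shows how a team can turn the Trivy scan described above into a CI gate and a remediation decision: it parses a Trivy JSON report, blocks on HIGH and CRITICAL findings, and separates findings with an available fix (upgrade the package or move to a newer image) from those the distribution has not fixed yet. The embedded report is constructed: only the image tag, the Alpine version and CVE-2024-12797 come from the finding discussed here; the package names, versions and the second CVE id are placeholders, and the `Results[].Vulnerabilities[]` layout is assumed from Trivy's schema version 2 output.

```python
"""Gate a container image on a Trivy scan, shown offline against a captured report.

Added example, not Grafana Labs' or Trivy's code. Assumes Trivy's JSON report
layout (SchemaVersion 2, Results[].Vulnerabilities[]). The sample report is
constructed: package names, versions and the second CVE id are placeholders.
"""
from __future__ import annotations

import json
from dataclasses import dataclass

BLOCKING_SEVERITIES = ("HIGH", "CRITICAL")

# Constructed report for grafana/grafana-oss:11.5.2 on Alpine 3.20.5.
SAMPLE_REPORT_JSON = r"""
{
  "SchemaVersion": 2,
  "ArtifactName": "grafana/grafana-oss:11.5.2",
  "Metadata": {"OS": {"Family": "alpine", "Name": "3.20.5"}},
  "Results": [{
    "Target": "grafana/grafana-oss:11.5.2 (alpine 3.20.5)",
    "Class": "os-pkgs", "Type": "alpine",
    "Vulnerabilities": [
      {"VulnerabilityID": "CVE-2024-12797", "PkgName": "PLACEHOLDER-PKG",
       "InstalledVersion": "0.0.1-r0", "FixedVersion": "0.0.2-r0",
       "Severity": "HIGH", "Status": "fixed"},
      {"VulnerabilityID": "CVE-0000-0000", "PkgName": "PLACEHOLDER-OTHER",
       "InstalledVersion": "1.2.3-r0", "FixedVersion": "",
       "Severity": "MEDIUM", "Status": "affected"}
    ]
  }]
}
"""


@dataclass(frozen=True)
class Finding:
    cve: str
    package: str
    installed: str
    fixed: str
    severity: str
    target: str

    @property
    def fix_available(self) -> bool:
        # Trivy leaves FixedVersion empty when the distro has not shipped a fix yet.
        return bool(self.fixed)


def trivy_command(image: str, output_path: str = "trivy-report.json") -> list[str]:
    """Trivy invocation that writes a JSON report of the shape parsed below."""
    return ["trivy", "image", "--format", "json", "--output", output_path, image]


def load_sample_report() -> dict:
    return json.loads(SAMPLE_REPORT_JSON)


def os_label(report: dict) -> str:
    os_meta = report.get("Metadata", {}).get("OS", {})
    return f"{os_meta.get('Family', 'unknown')} {os_meta.get('Name', '')}".strip()


def parse_findings(report: dict) -> list[Finding]:
    findings: list[Finding] = []
    for result in report.get("Results", []):
        # Targets with no findings carry no "Vulnerabilities" key (or null).
        for vuln in result.get("Vulnerabilities") or []:
            findings.append(Finding(
                cve=vuln["VulnerabilityID"], package=vuln["PkgName"],
                installed=vuln["InstalledVersion"], fixed=vuln.get("FixedVersion", ""),
                severity=vuln["Severity"], target=result.get("Target", ""),
            ))
    return findings


def gate(report: dict, blocking=BLOCKING_SEVERITIES,
         ignore_unfixed: bool = False) -> tuple[bool, list[Finding]]:
    """Return (passes, blocking findings). ignore_unfixed mirrors trivy's
    --ignore-unfixed: drop findings nobody can act on yet so the gate stays actionable."""
    blockers = [f for f in parse_findings(report)
                if f.severity in blocking and (f.fix_available or not ignore_unfixed)]
    return (not blockers, blockers)


def remediation_lines(report: dict) -> list[str]:
    """Verdict plus one action per blocking finding: upgrade, or track as unfixed."""
    passes, blockers = gate(report)
    lines = [f"{report.get('ArtifactName', '?')} on {os_label(report)}: "
             f"{'PASS' if passes else 'FAIL'}"]
    for f in blockers:
        action = (f"upgrade {f.package} {f.installed} -> {f.fixed}" if f.fix_available
                  else f"no fix yet for {f.package} {f.installed}; track it")
        lines.append(f"  {f.severity} {f.cve}: {action}")
    return lines


if __name__ == "__main__":
    print("Scan command:", " ".join(trivy_command("grafana/grafana-oss:11.5.2")))
    print("\n".join(remediation_lines(load_sample_report())))
```

In a pipeline, the report would come from running `trivy_command(...)` against the real image and loading the JSON it writes; the gate then fails the build on the HIGH finding and the remediation line tells the team whether an `apk`-level package upgrade on top of the image, or a move to a newer Grafana tag, is the available fix. Findings with no fixed version are kept visible but can be excluded from the blocking set with `ignore_unfixed=True` so the gate only blocks on findings someone can act on.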