This vulnerability involves a race condition in the Grafana Live component of Grafana OSS. Authenticated users with limited privileges (Viewer role) can exploit this by sending concurrent requests that cause a fatal map access error, crashing the server and causing denial of service. The issue affects a range of Grafana OSS versions from 8.2.0 to 13.0.1. The CVSS 3.1 vector indicates network attack vector, low attack complexity, required privileges at the level of a Viewer, no user interaction, unchanged scope, no confidentiality or integrity impact, but high impact on availability. No vendor advisory or patch information is currently available, and the vulnerability is not known to be exploited in the wild.

Successful exploitation results in a denial of service condition where the Grafana server crashes and becomes unavailable, requiring a manual restart. There is no impact on confidentiality or integrity. The attack requires authenticated access with Viewer privileges, which limits the attack surface to users who already have some level of access to the system.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, consider restricting Viewer role access to trusted users only and monitor for unusual concurrent request patterns that could trigger the crash. Restarting the Grafana server is required to recover from the crash. No official workaround or temporary fix is currently documented.