Race Condition in Grafana leading to Authentication Bypass
It's the description that caught my eye on this one: a race condition leading to authentication bypass.
On each incoming request, Grafana would create a new context object for the request, store a pointer to the server's shared middleware slice in that context, and then append the request-specific middleware to that slice. The problem is that append isn't thread safe: as long as the provided slice still has spare capacity, append writes the new element into the same backing array rather than allocating a fresh one. So multiple goroutines doing this at once are all writing into the same piece of memory, and one request can end up running another request's middleware (and its authentication decision).
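The aliasing described above, as an added example that is not Grafana's own code. The Handler type, the tag/log/auth labels and the slice capacity are all assumed for illustration. chainFor is the vulnerable pattern (append straight onto the shared slice); chainForSafe shows one fix, capping the capacity with a full slice expression so that append has to allocate. The two requests are run sequentially here so the result is deterministic; the same overwrite is what happens when the appends interleave across goroutines.

```go
package main

import "fmt"

// Handler stands in for a middleware function; hypothetical type, not Grafana's.
type Handler func(req string) string

// tag returns a handler that records its label on the request.
func tag(label string) Handler {
	return func(req string) string { return req + "|" + label }
}

// newShared builds the server-wide middleware slice with spare capacity,
// as make([]T, n, cap) or earlier appends typically leave it.
func newShared() []Handler {
	shared := make([]Handler, 0, 4) // len 0, cap 4: room for appends in place
	return append(shared, tag("log"))
}

// chainFor is the vulnerable pattern: append per-request middleware straight
// onto the shared slice. With spare capacity, append writes into the same
// backing array, so two requests' chains alias each other.
func chainFor(shared []Handler, perRequest Handler) []Handler {
	return append(shared, perRequest)
}

// chainForSafe caps capacity at length with a full slice expression, forcing
// append to allocate a fresh backing array for every request.
func chainForSafe(shared []Handler, perRequest Handler) []Handler {
	return append(shared[:len(shared):len(shared)], perRequest)
}

// run executes the chain in order and returns the accumulated labels.
func run(chain []Handler, req string) string {
	for _, h := range chain {
		req = h(req)
	}
	return req
}

// aliased reports whether two same-length chains share their last slot,
// i.e. whether the per-request middleware lives in the same memory.
func aliased(a, b []Handler) bool {
	return len(a) == len(b) && len(a) > 0 && &a[len(a)-1] == &b[len(b)-1]
}

// demoVulnerable models two interleaved requests: B's append lands in the
// slot A already filled, so A runs B's auth middleware.
func demoVulnerable() (string, string) {
	shared := newShared()
	chainA := chainFor(shared, tag("auth:alice"))
	chainB := chainFor(shared, tag("auth:anonymous"))
	return run(chainA, "A"), run(chainB, "B")
}

// demoSafe does the same with the reallocating variant; each request keeps
// its own middleware.
func demoSafe() (string, string) {
	shared := newShared()
	chainA := chainForSafe(shared, tag("auth:alice"))
	chainB := chainForSafe(shared, tag("auth:anonymous"))
	return run(chainA, "A"), run(chainB, "B")
}

func main() {
	a, b := demoVulnerable()
	fmt.Println("vulnerable:", a, b) // A|log|auth:anonymous B|log|auth:anonymous
	a, b = demoSafe()
	fmt.Println("safe:      ", a, b) // A|log|auth:alice B|log|auth:anonymous
}
```

Running the concurrent form of chainFor under go test -race flags the write to the shared backing array; copying the shared slice (or the full slice expression used in chainForSafe) before appending removes both the aliasing and the report.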
It's a good example of a Golang-specific vulnerability. Sure, you have race conditions and shared memory in other languages, but the underlying implementation of append, which reuses the existing backing array whenever there is capacity to spare, isn't necessarily obvious.