8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Prometheus is an open source software written in Go language for recording real-time metrics in time series databases built using the HTTP pull model.Prometheus Exporter Toolkit 0.7.2 and versions prior to 0.8.2 contain an unspecified vulnerability that could be exploited by attackers to spoof requests in order to break the internal caching method used for cache hash calculations and bypass security using this functionality.
CPE | Name | Operator | Version |
---|---|---|---|
prometheus exporter_toolkit | lt | 0.7.2 | |
prometheus exporter_toolkit | lt | 0.8.2 |