Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
githubGitHub Advisory DatabaseGHSA-CQ2G-PW6Q-HF7J
HistoryDec 19, 2022 - 9:09 p.m.

Cortex's Alertmanager can expose local files content via specially crafted config

2022-12-1921:09:05
CWE-73
CWE-184
CWE-641
GitHub Advisory Database
github.com
55
cortex alertmanager
local file inclusion
security advisory
configuration api
vulnerability
file reading
cortex upgrade
out-of-bound validation
alertmanager configuration
cortex documentation

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

35.0%

JSON

Impact

A local file inclusion vulnerability exists in Cortex versions v1.13.0, v1.13.1 and v1.14.0, where a malicious actor could remotely read local files as a result of parsing maliciously crafted Alertmanager configurations when submitted to the Alertmanager Set Configuration API. Only users of the Cortex Alertmanager service using -experimental.alertmanager.enable-api or enable_api: true are affected.

Specific Go Packages Affected

github.com/cortexproject/cortex/pkg/alertmanager

Patches

Affected Cortex users are advised to upgrade to versions 1.13.2 or 1.14.1.

Workarounds

Patching is ultimately advised. Using out-of-bound validation, Cortex administrators may reject Alertmanager configurations containing the api_key_file setting in the opsgenie_configs section and opsgenie_api_key_file in the global section before sending to the Set Alertmanager Configuration API as a workaround.

References

For more information

If you have any questions or comments about this advisory:

Affected configurations

Vulners
Node
cortexprojectcortexRange1.13.01.13.2
OR
cortexprojectcortexMatch1.14.0
VendorProductVersionCPE
cortexprojectcortex*cpe:2.3:a:cortexproject:cortex:*:*:*:*:*:*:*:*
cortexprojectcortex1.14.0cpe:2.3:a:cortexproject:cortex:1.14.0:*:*:*:*:*:*:*

Related

osv 3
cvelist 1
prion 1
nvd 1
veracode 1
redhatcve 1
cve 1
osv
osv
CVE-2022-23536
2022-12-19 22:15:10
Exposure of local files in github.com/cortexproject/cortex
2022-12-22 17:41:59
Cortex's Alertmanager can expose local files content via specially crafted config
2022-12-19 21:09:05
cvelist
cvelist
CVE-2022-23536 Alertmanager can expose local files content via specially crafted config
2022-12-19 21:10:21
prion
prion
Design/Logic Flaw
2022-12-19 22:15:00
nvd
nvd
CVE-2022-23536
2022-12-19 22:15:10
veracode
veracode
Information Disclosure
2022-12-20 03:57:52
redhatcve
redhatcve
CVE-2022-23536
2022-12-20 13:35:00
cve
cve
CVE-2022-23536
2022-12-19 22:15:10

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

35.0%

JSON
Related for GHSA-CQ2G-PW6Q-HF7J
osv3cvelist1prion1nvd1veracode1redhatcve1cve1