Lucene search
GoogleOSV:GO-2022-1175HistoryDec 22, 2022 - 5:41 p.m.
Exposure of local files in github.com/cortexproject/cortex
2022-12-2217:41:59
Google
osv.dev
21
cortex
alertmanager
api vulnerability
local files
github
malicious actor
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
35.0%
A malicious actor could remotely read local files by submitting to the Alertmanager Set Configuration API maliciously crafted inputs. Only users of the Alertmanager service where “-experimental.alertmanager.enable-api” or “enable_api: true” is configured are affected.
Related
osv
osv
CVE-2022-23536
2022-12-19 22:15:10
github
github
cvelist
cvelist
prion
prion
Design/Logic Flaw
2022-12-19 22:15:00
nvd
nvd
CVE-2022-23536
2022-12-19 22:15:10
veracode
veracode
Information Disclosure
2022-12-20 03:57:52
redhatcve
redhatcve
CVE-2022-23536
2022-12-20 13:35:00
cve
cve
CVE-2022-23536
2022-12-19 22:15:10
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
35.0%
Related for OSV:GO-2022-1175