Lucene search
PRIOn knowledge basePRION:CVE-2023-40577HistoryAug 25, 2023 - 1:15 a.m.
Code injection
2023-08-2501:15:00
PRIOn knowledge base
www.prio-n.com
10
code injection
alertmanager
post requests
javascript
security vulnerability
Alertmanager handles alerts sent by client applications such as the Prometheus server. An attacker with the permission to perform POST requests on the /api/v1/alerts endpoint could be able to execute arbitrary JavaScript code on the users of Prometheus Alertmanager. This issue has been fixed in Alertmanager version 0.2.51.
| CPE | Name | Operator | Version |
|---|---|---|---|
| debian_linux | eq | 10.0 | |
| alertmanager | eq | 0.25.0 |
Related
nvd
nvd
CVE-2023-40577
2023-08-25 01:15:09
alpinelinux
alpinelinux
CVE-2023-40577
2023-08-25 01:15:09
openvas
openvas
Debian: Security Advisory (DLA-3609-1)
2023-10-09 00:00:00
openSUSE: Security Advisory for golang (SUSE-SU-2024:0512-1)
2024-03-04 00:00:00
osv
osv
Alertmanager UI is vulnerable to stored XSS via the /api/v1/alerts endpoint
2023-08-23 20:42:43
prometheus-alertmanager - security update
2023-10-08 00:00:00
CVE-2023-40577
2023-08-25 01:15:09
ubuntucve
ubuntucve
CVE-2023-40577
2023-08-25 00:00:00
nessus
nessus
debian
debian
[SECURITY] [DLA 3609-1] prometheus-alertmanager security update
2023-10-08 10:14:46
cvelist
cvelist
wolfi
wolfi
CVE-2023-40577 vulnerabilities
2024-06-26 03:08:30
veracode
veracode
Cross-site Scripting (XSS)
2023-08-25 02:53:58
redhatcve
redhatcve
CVE-2023-40577
2023-08-29 15:21:59
debiancve
debiancve
CVE-2023-40577
2023-08-25 01:15:09
cgr
cgr
CVE-2023-40577 vulnerabilities
2024-05-19 03:07:16
cve
cve
CVE-2023-40577
2023-08-25 01:15:09
github
github
Alertmanager UI is vulnerable to stored XSS via the /api/v1/alerts endpoint
2023-08-23 20:42:43
redhat
redhat