PRIOn knowledge base: PRION:CVE-2023-40577
History: Aug 25, 2023 - 1:15 a.m.

Code injection

2023-08-25 01:15:00
PRIOn knowledge base
www.prio-n.com
10
code injection
alertmanager
post requests
javascript
security vulnerability

AI Score: 5.6 Medium (Confidence: High)

EPSS: 0.0004 Low (Percentile: 14.1%)

Alertmanager handles alerts sent by client applications such as the Prometheus server. An attacker with permission to perform POST requests on the /api/v1/alerts endpoint may be able to execute arbitrary JavaScript code against users of Prometheus Alertmanager. This issue has been fixed in Alertmanager version 0.2.51.

CPE name        Operator    Version
debian_linux    eq          10.0
alertmanager    eq          0.25.0
