143 matches found
UBUNTU-CVE-2025-3454
This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...
CVE-2025-3454
This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...
CVE-2025-3454
Grafana’s CVE-2025-3454 affects the datasource proxy API, where an extra slash in the URL path bypasses authorization checks, potentially allowing read access to GET endpoints for Alertmanager and Prometheus datasources. The issue targets route-specific permission implementations and is noted in ...
Authorization Bypass in Datasource Proxy
This vulnerability in Grafana’s datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...
golang-github-prometheus-alertmanager-0.28.1-2.1 on GA media (moderate)
golang-github-prometheus-alertmanager-0.28.1-2.1 on GA media. Announcement ID: openSUSE-SU-2025:15178-1; Rating: moderate; Cross-References: CVE-2025-22870; CVSS scores: CVE-2025-22870 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L; CVE-2025-22870 (SUSE): 4.8...
OPENSUSE-SU-2025:15178-1 golang-github-prometheus-alertmanager-0.28.1-2.1 on GA media
These are all security issues fixed in the golang-github-prometheus-alertmanager-0.28.1-2.1 package on the GA media of openSUSE Tumbleweed...
CVE-2021-31231
The Alertmanager in Grafana Enterprise Metrics before 1.2.1 and Metrics Enterprise 1.2.1 has a local file disclosure vulnerability when experimental.alertmanager.enable-api is used. The HTTP basic auth password_file can be used as an attack vector to send any file content via a webhook. The...
SUSE CVE-2025-3454
This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...
Linux Distros Unpatched Vulnerability : CVE-2023-40577
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Alertmanager handles alerts sent by client applications such as the Prometheus server. An attacker with the permission to perform POST requests on the...
GHSA-49GW-VXVF-FC2G vulnerabilities
Vulnerabilities for packages: redka, yam, regclient, swagger, harbor-scanner-trivy, grpc-health-probe, smarter-device-manager, metacontroller, chartmuseum, vexctl, skopeo, protoc-gen-go, dgraph, nats-server, secrets-store-csi-driver-provider-gcp, ollama, vault-k8s, flux-image-reflector-controller...
Security update for SUSE Manager Client Tools
This update fixes the following issues: dracut-saltboot was updated to version 0.1.1728559936.c16d4fb: Added MAC based terminal naming option (jsc#SUMA-314). golang-github-prometheus-prometheus was updated from version 2.45.6 to 2.53.3 (jsc#PED-11649): Security issues fixed: CVE-2024-51744: Updated...
Fedora 41 : golang-github-prometheus-alertmanager (2024-8580c06716)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-8580c06716 advisory. Automatic update for golang-github-prometheus-alertmanager-0.27.0-1.fc41. Changelog Thu Apr 18 2024 Mikel Olasagasti Uranga - 0.27.0-1 - Update to 0.27.0 -...
BIT-ALERTMANAGER-2023-40577 Alertmanager UI is vulnerable to stored XSS via the /api/v1/alerts endpoint
Alertmanager handles alerts sent by client applications such as the Prometheus server. An attacker with the permission to perform POST requests on the /api/v1/alerts endpoint could be able to execute arbitrary JavaScript code on the users of Prometheus Alertmanager. This issue has been fixed in...
Fedora: Security Advisory (FEDORA-2023-0c6723004f)
The remote host is missing an update for the...
A vulnerability in the /api/v1/alerts file of the Prometheus monitoring system, which is used to process alerts from Alertmanager, allows a perpetrator to execute arbitrary code.
The vulnerability of the Prometheus monitoring system’s /api/v1/alerts file for processing alerts by Alertmanager is related to improper handling of input data during the generation of web pages. Exploiting this vulnerability could allow a perpetrator to execute arbitrary code...
ROS-20240827-17
A vulnerability in the /api/v1/alerts file of Alertmanager, the alert-processing component of the Prometheus monitoring system, is related to incorrect neutralization of input data during web page generation. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...
GO-2023-2020 Alertmanager UI is vulnerable to stored XSS via the /api/v1/alerts endpoint in github.com/prometheus/alertmanager
Alertmanager UI is vulnerable to stored XSS via the /api/v1/alerts endpoint in github.com/prometheus/alertmanager...
Ubuntu: Security Advisory (USN-6935-1)
The remote host is missing an update for the...