SUSE CVE-2026-42151

Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the clientsecret field in the Azure AD remote write OAuth configuration storage/remote/azuread was typed as string instead of Secret. Prometheus redacts fields of type Secret when serving...

PT-2026-38078

Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the client secret field in the Azure AD remote write OAuth configuration storage/remote/azuread was typed as string instead of Secret. Prometheus redacts fields of type Secret when serving...

CVE-2026-42151

Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the clientsecret field in the Azure AD remote write OAuth configuration storage/remote/azuread was typed as string instead of Secret. Prometheus redacts fields of type Secret when serving...

PT-2026-36896

Name of the Vulnerable Software and Affected Versions Prometheus versions prior to 3.5.3 Prometheus versions prior to 3.11.3 Description The client secret field in the Azure AD remote write OAuth configuration storage/remote/azuread was incorrectly typed as a string instead of a Secret...

MiracleLinux 9 : grafana-9.0.9-3.el9 (AXSA:2023-6225:07)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-6225:07 advisory. grafana: account takeover possible when using Azure AD OAuth CVE-2023-3128 Tenable has extracted the preceding description block directly from the MiracleLin...

CVE-2025-5279

When the Amazon Redshift Python Connector is configured with the BrowserAzureOAuth2CredentialsProvider plugin, the driver skips the SSL certificate validation step for the Identity Provider. An insecure connection could allow an actor to intercept the token exchange process and retrieve an access...