Ubuntu: Security Advisory (USN-6935-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-6935-1 prometheus-alertmanager vulnerability

It was discovered that prometheus-alertmanager didn't properly sanitize input it received through an API endpoint. An attacker with permission to send requests to this endpoint could potentially inject arbitrary code. On Ubuntu 20.04 LTS and Ubuntu 22.04 LTS, this vulnerability is only present if...

USN-6935-1: Prometheus Alertmanager vulnerability

It was discovered that prometheus-alertmanager didn't properly sanitize input it received through an API endpoint. An attacker with permission to send requests to this endpoint could potentially inject arbitrary code. On Ubuntu 20.04 LTS and Ubuntu 22.04 LTS, this vulnerability is only present if...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Prometheus Alertmanager vulnerability (USN-6935-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6935-1 advisory. It was discovered that prometheus-alertmanager didn't properly sanitize input it received through an API endpoint. An attacker with...

GHSA-MH55-GQVF-XFWM vulnerabilities

Vulnerabilities for packages: cortex, grafana-mimir, ipfs, fulcio, datadog-agent, timestamp-authority, prometheus-alertmanager, rekor...

openSUSE Security Advisory (SUSE-SU-2024:0512-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES15 / openSUSE 15 Security Update : golang-github-prometheus-alertmanager (SUSE-SU-2024:0512-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:0512-1 advisory. - Alertmanager handles alerts sent by client applications such as the Prometheus server. An attacker with the permission to perform POST...

SUSE-SU-2024:0512-1 Security update for golang-github-prometheus-alertmanager

This update for golang-github-prometheus-alertmanager fixes the following issues: golang-github-prometheus-alertmanager was updated from version 0.23.0 to 0.26.0 jscPED-7353: - Version 0.26.0: Security fixes: + CVE-2023-40577: Fix stored XSS via the /api/v1/alerts endpoint in the Alertmanager UI...

CVE-2023-39325 vulnerabilities

Vulnerabilities for packages: flux, kubeflow-katib, terraform-provider-sendgrid-fips, tkn, caddy, kube-state-metrics-fips, crossplane-provider-aws, kubernetes-csi-external-provisioner, minio, vertical-pod-autoscaler, prometheus-elasticsearch-exporter, bom, pulumi, kubevela, gitness,...

Debian: Security Advisory (DLA-3609-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 3609-1] prometheus-alertmanager security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3609-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucaries October 08, 2023 https://wiki.debian.org/LTS -...

DLA-3609-1 prometheus-alertmanager - security update

Bulletin has no description...

Debian dla-3609 : golang-github-prometheus-alertmanager-dev - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3609 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3609-1 [email protected] https://www.debian.org/lts/security/...

CVE-2023-40577

Prometheus Alertmanager is vulnerable to cross-site scripting due to improper validation of user-supplied input by the /api/v1/alerts endpoint. This issue could allow a remote attacker to inject malicious script into a web page, which would be executed in a victim's web browser within the hosting...

DEBIAN-CVE-2023-40577

Alertmanager handles alerts sent by client applications such as the Prometheus server. An attacker with the permission to perform POST requests on the /api/v1/alerts endpoint could be able to execute arbitrary JavaScript code on the users of Prometheus Alertmanager. This issue has been fixed in...

CVE-2023-40577 vulnerabilities

Vulnerabilities for packages: prometheus-alertmanager...

CVE-2023-40577

CVE-2023-40577 affects Prometheus Prometheus Alertmanager. The issue allows an attacker with POST permission on the /api/v1/alerts endpoint to cause arbitrary JavaScript execution in users of Alertmanager (stored XSS). The vulnerability is tied to the Alertmanager component handling incoming aler...

GHSA-V86X-5FM3-5P7J vulnerabilities

Vulnerabilities for packages: prometheus-alertmanager...

GHSA-V86X-5FM3-5P7J vulnerabilities

Vulnerabilities for packages: prometheus-alertmanager...

SUSE: Security Advisory (SUSE-SU-2022:3747-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...