1423 matches found

Vulnrichment
added 2023/01/12 12:0 a.m. · 6 views

CVE-2022-3613

An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A crafted Prometheus Server query can cause high resource consumption and may lead to Denial of Service...

CVSS 5.8 · AI score 6.8 · EPSS 0.00377
Exploits 0 · References 3

Cvelist
added 2023/01/12 12:0 a.m. · 19 views

CVE-2022-3613

An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A crafted Prometheus Server query can cause high resource consumption and may lead to Denial of Service...

CVSS 5.8 · AI score 7.5 · EPSS 0.00377
Exploits 0 · References 3

Positive Technologies
added 2023/01/12 12:0 a.m. · 2 views

PT-2023-13456 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to 15.5.7 GitLab CE/EE versions 15.6.0 through 15.6.3 GitLab CE/EE versions 15.7.0 through 15.7.1 Description: An issue has been discovered in GitLab CE/EE where a crafted Prometheus Server query can cause high...

CVSS 7.5 · AI score 6.5 · EPSS 0.00377
Exploits 0 · References 12

CVE
added 2023/01/12 12:0 a.m. · 102 views

CVE-2022-3613

The CVE-2022-3613 entry affects GitLab CE/EE: affected versions are all before 15.5.7, 15.6 before 15.6.4, and 15.7 before 15.7.2. The root cause is a crafted Prometheus Server query that can cause high resource consumption, leading to a Denial of Service. The provided connected documents confirm...

CVSS 7.5 · AI score 7.1 · EPSS 0.00377
Exploits 0 · References 3 · Affected Software 1

CNNVD
added 2023/01/12 12:0 a.m. · 2 views

GitLab Enterprise Edition and GitLab Community Edition security vulnerability

GitLab is a product of the U.S. and other are U.S. GitLab. GitLab is an open source, end-to-end software development platform. Git is a free, open source, distributed version control system. Prometheus and other are products. Prometheus is an open source software program written in the Go language fo...

CVSS 7.5 · AI score 7.2 · EPSS 0.00377
Exploits 0 · References 5

Debian CVE
added 2023/01/12 12:0 a.m. · 21 views

CVE-2022-3613

Removed by vendor...

CVSS 7.5 · AI score 7.1 · EPSS 0.00377
Exploits 0

OSV
added 2023/01/12 12:0 a.m. · 17 views

CVE-2022-3613

An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A crafted Prometheus Server query can cause high resource consumption and may lead to Denial of Service...

CVSS 5.8 · AI score 7.2 · EPSS 0.00377
Exploits 0 · References 5

Tenable Nessus
added 2023/01/11 12:0 a.m. · 26 views

FreeBSD : Gitlab -- Multiple Vulnerabilities (3a023570-91ab-11ed-8950-001b217b3468)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 3a023570-91ab-11ed-8950-001b217b3468 advisory. - Incorrect Authorization check affecting all versions of GitLab EE from 13.11 prior to 15.5.7...

CVSS 8.5 · AI score 6.5 · EPSS 0.02323
Exploits 0 · References 12

Tenable Nessus
added 2022/12/23 12:0 a.m. · 40 views

Fedora 36 : golang-github-distribution-3 (2022-13ad572b5a)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-13ad572b5a advisory. Update to 3.0.0 pre1 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not test...

CVSS 7.5 · AI score 7.2 · EPSS 0.00386
Exploits 0 · References 2

NVD
added 2022/12/19 10:15 p.m. · 16 views

CVE-2022-23536

Cortex provides multi-tenant, long term storage for Prometheus. A local file inclusion vulnerability exists in Cortex versions 1.13.0, 1.13.1 and 1.14.0, where a malicious actor could remotely read local files as a result of parsing maliciously crafted Alertmanager configurations when submitted t...

CVSS 6.5 · EPSS 0.00578
Exploits 0 · References 4

Prion
added 2022/12/19 10:15 p.m. · 19 views

Design/Logic Flaw

Cortex provides multi-tenant, long term storage for Prometheus. A local file inclusion vulnerability exists in Cortex versions 1.13.0, 1.13.1 and 1.14.0, where a malicious actor could remotely read local files as a result of parsing maliciously crafted Alertmanager configurations when submitted t...

CVSS 4 · AI score 6.2 · EPSS 0.00578
Exploits 0 · References 4 · Affected Software 1

CVE
added 2022/12/19 9:10 p.m. · 108 views

CVE-2022-23536

The CVE-2022-23536 issue affects Cortex (multi-tenant storage for Prometheus) where a local file inclusion vulnerability exists in Cortex versions 1.13.0, 1.13.1, and 1.14.0. A malicious actor could remotely read local files by submitting maliciously crafted Alertmanager configurations via the...

CVSS 6.5 · AI score 6.2 · EPSS 0.00578
Exploits 0 · References 4 · Affected Software 1

OSV
added 2022/12/19 9:10 p.m. · 25 views

CVE-2022-23536 Alertmanager can expose local files content via specially crafted config

Cortex provides multi-tenant, long term storage for Prometheus. A local file inclusion vulnerability exists in Cortex versions 1.13.0, 1.13.1 and 1.14.0, where a malicious actor could remotely read local files as a result of parsing maliciously crafted Alertmanager configurations when submitted t...

CVSS 6.5 · AI score 6.2 · EPSS 0.00578
Exploits 0 · References 6

Tenable Nessus
added 2022/12/19 12:0 a.m. · 34 views

RHEL 8 : prometheus-jmx-exporter (RHSA-2022:9058)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:9058 advisory. Prometheus JMX Exporter is a JMX to Prometheus exporter: a collector that can be configured to scrape and expose MBeans of a JMX target. Security...

CVSS 9.8 · AI score 7.7 · EPSS 0.93849
Exploits 7 · References 5

Tenable Nessus
added 2022/12/16 12:0 a.m. · 36 views

AlmaLinux 8 : prometheus-jmx-exporter (ALSA-2022:9058)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:9058 advisory. - SnakeYaml's Constructor class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can le...

CVSS 9.8 · AI score 7.9 · EPSS 0.93849
Exploits 7 · References 2

RedHat Linux
added 2022/12/15 3:28 p.m. · 53 views

Important: Red Hat Security Advisory: prometheus-jmx-exporter security update

An update for prometheus-jmx-exporter is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 9.8 · AI score 7.1 · EPSS 0.93849
Exploits 7 · References 3

Rockylinux
added 2022/12/15 3:8 p.m. · 52 views

prometheus-jmx-exporter security update

An update is available for prometheus-jmx-exporter. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Prometheus JMX Exporter is a JMX to Prometheus exporter: a...

CVSS 9.8 · AI score 9.5 · EPSS 0.93849
Exploits 7

OSV
added 2022/12/15 3:8 p.m. · 38 views

RLSA-2022:9058 Important: prometheus-jmx-exporter security update

Prometheus JMX Exporter is a JMX to Prometheus exporter: a collector that can be configured to scrape and expose MBeans of a JMX target. Security Fixes: SnakeYaml: Constructor Deserialization Remote Code Execution CVE-2022-1471 For more details about the security issues, including the impact, a...

CVSS 8.3 · AI score 9.2 · EPSS 0.93849
Exploits 7 · References 2

OSV
added 2022/12/15 12:20 p.m. · 7 views

SUSE-SU-2022:4501-1 Security update for ceph

This update for ceph fixes the following issues: ceph was updated to the Pacific release 16.2.9-536-g41a9f9a5573: + bsc1195359, bsc1200553 rgw: check bucket shard init status in RGWRadosBILogTrimCR + bsc1194131 ceph-volume: honour osddmcryptkeysize option CVE-2021-3979 + bsc1200064, Remove last...

CVSS 6.5 · AI score 6.5 · EPSS 0.00275
Exploits 0 · References 12

Tenable Nessus
added 2022/12/15 12:0 a.m. · 33 views

Oracle Linux 8 : ELSA-2022-9058-1: / prometheus-jmx-exporter (ELSA-2022-90581)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-90581 advisory. 0.12.0-9 - Fix CVE-2022-1471 by using SafeConstructor. Tenable has extracted the preceding description block directly from the Oracle Linux security advisory...

CVSS 9.8 · AI score 7.4 · EPSS 0.93849
Exploits 7 · References 2