CVE-2021-29622
Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the new UI. To ensure a seamless transition, URLs prefixed by /new redirect to /. Due to a bug in the code, it is possible for an attacker to craft a URL that can redirec...
CVE-2021-29622
CVE-2021-29622 affects Prometheus. A bug in the /new endpoint during the 2.23.0 UI migration allows an attacker to craft a URL that redirects users to an arbitrary address. The issue is mitigated by upgrading to versions that patch it (2.26.1 and 2.27.1) and by removing the /new endpoint in 2.28....
Prometheus input validation error vulnerability
Prometheus is an open source software written in the Go language for recording real-time metrics from time series databases built using the HTTP pull model. Prometheus suffers from an input validation error vulnerability that can be exploited by an attacker to redirect to any other URL...
R3: Exposed Prometheus instance at prometheus.qa.r3.com
Summary Hi there, just wanted to note that all of your assets are listed as out of scope on HackerOne right now, which is a bit confusing. Nevertheless, I noticed that your Prometheus server at prometheus.qa.r3.com is exposed to the internet, which appears to let you view all of the internal...
Prometheus -- arbitrary redirects
Prometheus reports: Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the new UI. To ensure a seamless transition, URLs prefixed by /new redirect to /. Due to a bug in the code, it is possible for an attacker to craft an...
SUSE SLES15 Security Update : ceph (SUSE-SU-2021:1473-1)
This update for ceph fixes the following issues : ceph was updated to 14.2.20-402-g6aa76c6815 : - CVE-2021-20288: Fixed unauthorized globalid reuse bsc1183074. - CVE-2020-25678: Do not add sensitive information in Ceph log files bsc1178905. - CVE-2020-27839: Use secure cookies to store JWT Token...
SUSE: Security Advisory (SUSE-SU-2020:1970-1)
The remote host is missing an update for the...
GitLab server-side request forgery vulnerability (CNVD-2021-26068)
GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. GitLab suffers from a server-side request forgery vulnerability that can be exploited via Prometheu...
CVE-2021-22178
An issue has been discovered in GitLab affecting all versions starting from 13.2. GitLab was vulnerable to an SSRF attack through the Prometheus integration...
Information disclosure
An issue has been discovered in GitLab affecting all versions starting from 13.2. GitLab was vulnerable to an SSRF attack through the Prometheus integration...
UBUNTU-CVE-2021-22178
An issue has been discovered in GitLab affecting all versions starting from 13.2. GitLab was vulnerable to an SSRF attack through the Prometheus integration...
CVE-2021-22178
Summary: CVE-2021-22178 affects GitLab versions starting from 13.2 and earlier, due to an SSRF attack via the Prometheus integration. The connected sources consistently describe this as a vulnerability in GitLab exposing potential risks when Prometheus is enabled, but do not provide vendor-specifi...
CVE-2021-22178
Removed by vendor...
GitLab code issue vulnerability
GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. GitLab suffers from a server-side request forgery vulnerability that can be exploited via Prometheu...
PT-2021-14890 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 13.2 and later Description: An issue has been discovered in GitLab, making it vulnerable to a Server-Side Request Forgery (SSRF) attack through the Prometheus integration. Recommendations: For GitLab versions 13.2 and later, at...