RHEL 8 : prometheus-jmx-exporter (RHSA-2020:4807)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:4807 advisory. Prometheus JMX Exporter is a JMX to Prometheus exporter: a collector that can be configured to scrape and expose MBeans of a JMX target. Security...
prometheus-jmx-exporter security update
An update is available for prometheus-jmx-exporter. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Prometheus JMX Exporter is a JMX to Prometheus exporter: a...
ALSA-2020:4807 Moderate: prometheus-jmx-exporter security update
Prometheus JMX Exporter is a JMX to Prometheus exporter: a collector that can be configured to scrape and expose MBeans of a JMX target. Security Fixes: snakeyaml: Billion laughs attack via alias feature (CVE-2017-18640). For more details about the security issues, including the impact, a CVSS score...
Moderate: prometheus-jmx-exporter security update
Prometheus JMX Exporter is a JMX to Prometheus exporter: a collector that can be configured to scrape and expose MBeans of a JMX target. Security Fixes: snakeyaml: Billion laughs attack via alias feature (CVE-2017-18640). For more details about the security issues, including the impact, a CVSS score...
RLSA-2020:4807 Moderate: prometheus-jmx-exporter security update
Prometheus JMX Exporter is a JMX to Prometheus exporter: a collector that can be configured to scrape and expose MBeans of a JMX target. Security Fixes: snakeyaml: Billion laughs attack via alias feature (CVE-2017-18640). For more details about the security issues, including the impact, a CVSS score...
Security update for grafana (moderate)
openSUSE Security Update: Security update for grafana. Announcement ID: openSUSE-SU-2020:1611-1. Rating: moderate. References: 1044444, 1044933, 1115960, 1170557. Cross-References: CVE-2018-19039, CVE-2019-15043, CVE-2020-12245, CVE-2020-13379. Affected Products: openSUSE Backports SLE-15-SP1. An update that...
SUSE-SU-2020:2832-1 Security update for SUSE Manager Server 4.1
This update fixes the following issues: golang-github-QubitProducts-exporterexporter: - Pin Golang version to 1.14 golang-github-prometheus-nodeexporter: - Update to 1.0.1 Changes to build specification + Modify spec: update golang version to 1.14 + Remove update tarball script + Add service file...
Security update for docker-distribution (moderate)
openSUSE Security Update: Security update for docker-distribution. Announcement ID: openSUSE-SU-2020:1433-1. Rating: moderate. References: 1033172, 1049850. Cross-References: CVE-2017-11468. Affected Products: openSUSE Backports SLE-15-SP2. An update that solves one vulnerability and has one errata is n...
SUSE-SU-2020:2606-1 Security update for golang-github-prometheus-prometheus
This update for golang-github-prometheus-prometheus to version 2.18.0 fixes the following issues: - Fixed some building issues bsc1175478 - prometheus components systemd units should depend on network target bsc1143913. Update to 2.18.0 + Features Tracing: Added experimental Jaeger support 7148 +...
olcne conmon coredns cri-o cri-tools etcd flannel grafana helm istio kata kata-agent kata-image kata-ksm-throttler kata-proxy kata-runtime kata-shim kubernetes kubernetes-cni kubernetes-cni-plugins kubernetes-dashboard prometheus yq security update
olcne 1.1.5-2 - kubernetes pod subnet flag not honored in flannel configuration 1.1.5-1 - Address CVE-2020-16845 conmon 2.0.10-3 - Address CVE-2020-16845 coredns 1.6.5-1.0.3 - Address CVE-2020-16845 cri-o 1.17.0-1.0.5 - Address CVE-2020-16845 cri-tools 1.17.0-1.0.2 - Address CVE-2020-16845...
Oracle Linux 7 : olcne / conmon / coredns / cri-o / cri-tools / etcd / flannel / grafana / helm / istio / kata / kata-agent / kata-image / kata-ksm-throttler / kata-proxy / kata-runtime / kata-shim / kubernetes / kubernetes-cni / kubernetes-cni-plugins / kubernetes-dashboard / prometheus / yq (ELSA-2020-5827)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-5827 advisory. - Address CVE-2020-16845 conmon - Address CVE-2020-16845 coredns - Address CVE-2020-16845 cri-o - Address CVE-2020-16845 cri-tools - Address CVE-2020-16845 -...
Prometheus Blackbox Exporter Code Issue Vulnerability
Prometheus Blackbox Exporter is a blackbox exporter released by the Linux Foundation in the United States that allows blackbox probing of endpoints over HTTP, HTTPS, DNS, TCP and ICMP. A code issue vulnerability exists in Prometheus Blackbox Exporter 0.17.0 and earlier versions. The vulnerability...
CVE-2020-16248
Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF. NOTE: follow-on discussion suggests that this might plausibly be interpreted as both intended functionality and also a vulnerability...
CVE-2020-16248
Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF. NOTE: follow-on discussion suggests that this might plausibly be interpreted as both intended functionality and also a vulnerability...
DEBIAN-CVE-2020-16248
Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF. NOTE: follow-on discussion suggests that this might plausibly be interpreted as both intended functionality and also a vulnerability...
UBUNTU-CVE-2020-16248
DISPUTED Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF. NOTE: follow-on discussion suggests that this might plausibly be interpreted as both intended functionality and also a vulnerability...
CVE-2020-16248
Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF. NOTE: follow-on discussion suggests that this might plausibly be interpreted as both intended functionality and also a vulnerability...
Design/Logic Flaw
Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF. NOTE: follow-on discussion suggests that this might plausibly be interpreted as both intended functionality and also a vulnerability...
CVE-2020-16248
Prometheus Blackbox Exporter (versions up to 0.17.0) contains a server-side request forgery (SSRF) vulnerability in the /probe endpoint due to an unsanitized target parameter. Exploitation allows an attacker to craft a target value to trigger SSRF, potentially reaching internal assets. The nuclei...
CVE-2020-16248
Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF. NOTE: follow-on discussion suggests that this might plausibly be interpreted as both intended functionality and also a vulnerability...