1423 matches found
CVE-2020-16248
Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF. NOTE: follow-on discussion suggests that this might plausibly be interpreted as both intended functionality and also a vulnerability...
PT-2020-14841 · Prometheus +2 · Prometheus Blackbox Exporter +2
Name of the Vulnerable Software and Affected Versions: Prometheus Blackbox Exporter versions through 0.17.0. Description: The issue allows for a Server-Side Request Forgery (SSRF) via the /probe endpoint with the target parameter. There is a discussion suggesting this could be seen as both intended...
cn.strongculture:prometheus-spring-boot-starter (=1.0.0), com.buession.springcloud.stream:buession-springcloud-stream-core (>=2.2.1 <=2.3.3) +105 more potentially affected by CVE-2020-5413 via org.springframework.integration:spring-integration-core (>=5.3.0.RELEASE <=5.3.1.RELEASE)
org.springframework.integration:spring-integration-core MAVEN version =5.3.0.RELEASE, =2.2.1, =2.2.1, =2.2.1, =2.2.1, =2.2.1, =2.2.1, =2.2.1, =2.2.1, =2.2.1, =2.2.1, =2.2.1, =2.2.1, =2.2.1, =2.3.3...
openSUSE Security Update : SUSE Manager Client Tools (openSUSE-2020-1105)
This update fixes the following issues : dracut-saltboot : - Print a list of available disk devices bsc1170824 - Install wipefs to initrd - Force install crypt modules golang-github-prometheus-prometheus : - Update change log and spec file + Modified spec file: default to golang 1.14 to avoid 'ha...
OPENSUSE-SU-2020:1105-1 Security update for SUSE Manager Client Tools
This update fixes the following issues: dracut-saltboot: - Print a list of available disk devices bsc1170824 - Install wipefs to initrd - Force install crypt modules golang-github-prometheus-prometheus: - Update change log and spec file + Modified spec file: default to golang 1.14 to avoid 'have...
Security update for SUSE Manager Client Tools (moderate)
openSUSE Security Update: Security update for SUSE Manager Client Tools Announcement ID: openSUSE-SU-2020:1105-1 Rating: moderate References: 1113160 1138822 1142038 1148177 1153090 1153277 1154940 1154968 1155372 1163871 1165921 1168310 1170231 1170557 1170824 1171687 1172462 Cross-References:...
SUSE SLES12 Security Update : SUSE Manager Client Tools (SUSE-SU-2020:1970-1)
This update fixes the following issues : cobbler : Calculate relative path for kernel and inited when generating grub entry bsc1170231 Added: fix-grub2-entry-paths.diff Fix os-release version detection for SUSE Modified: sles15.patch Jinja2 template library fix bsc1141661 Removes string replace f...
openSUSE Security Update : grafana / grafana-piechart-panel / grafana-status-panel (openSUSE-2020-892)
This update for grafana, grafana-piechart-panel, grafana-status-panel fixes the following issues : grafana was updated to version 7.0.3 : - Features / Enhancements - Stats: include all fields. 24829, @ryantxu - Variables: change VariableEditorList row action Icon to IconButton. 25217, @hshoff - B...
Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 1.0 servicemesh-prometheus security update
An update for servicemesh-prometheus is now available for OpenShift Service Mesh 1.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Fedora 31 : fwupd (2020-ad1c74c2a1)
New upstream release - Actually reload the DFU device after upgrade has completed - Capture the dock SKU in report metadata - Correctly set the Logitech device protocol - Do not use shim for non-secure boot configurations - Ensure that the DeviceID is set for child devices - Fix an error when...
SUSE-SU-2020:1718-1 Security Beta update for SUSE Manager Client Tools and Salt
This update fixes the following issues: cobbler: - Calculate relative path for kernel and inited when generating grub entry bsc1170231 Added: fix-grub2-entry-paths.diff - Fix os-release version detection for SUSE Modified: sles15.patch - Jinja2 template library fix bsc1141661 - Removes string...
SUSE-SU-2020:1715-1 Security Beta update for SUSE Manager Client Tools and Salt
This update fixes the following issues: dracut-saltboot: - Print a list of available disk devices bsc1170824 - Install wipefs to initrd - Force install crypt modules - Add missing terminal naming modifiers as exported variables golang-github-prometheus-prometheus: - Update change log and spec fil...
Mail.ru: Information Disclosure on {http://pro.tracker.my.com}
Prometheus performance metrics were publicly available on pro.tracker.my.com...
GitLab: SSRF on project import via the remote_attachment_url on a Note
Summary: The Note model has an attachment which is provided by a CarrierWave uploader: mount_uploader :attachment, AttachmentUploader. One of the features this provides is the ability to download and attach a file via a url, see...
CVE-2018-1002104
Versions 1.5 of the Kubernetes ingress default backend, which handles invalid ingress traffic, exposed prometheus metrics publicly...
Exposed Endpoints
github.com/kubernetes/ingress-nginx uses publicly exposed endpoints. The prometheus metrics and healthz of the Kubernetes defaultbackend can be accessed by a remote attacker using a port-forward request to access the publicly accessible metrics...
Default credentials
Versions 1.5 of the Kubernetes ingress default backend, which handles invalid ingress traffic, exposed prometheus metrics publicly...