1423 matches found
CVE-2018-1002104
Versions < 1.5 of the Kubernetes ingress default backend, which handles invalid ingress traffic, exposed prometheus metrics publicly...
CVE-2018-1002104
CVE-2018-1002104 affects Kubernetes ingress default backend versions = 1.5) is implied but not confirmed in these sources.
U.S. Dept Of Defense: Publicly accessible Grafana install allows pivoting to Prometheus datasource
Summary: A publicly accessible Grafana install exposes semi-sensitive Dashboards. This also exposes the Prometheus proxied datasources, which allow direct queries to a Prometheus instance, which reveals sensitive data and opens the instance up to potential DoS via crafted requests. Description: Impa...
openSUSE Security Update : haproxy (openSUSE-2019-2556)
This update for haproxy to version 2.0.5+git0.d905f49a fixes the following issues : Security issue fixed : - CVE-2019-14241: Fixed a cookie memory corruption problem. bsc1142529 The update to 2.0.5 brings lots of features and bugfixes : - new internal native HTTP representation called HTX, was...
Security update for haproxy (moderate)
openSUSE Security Update: Security update for haproxy Announcement ID: openSUSE-SU-2019:2555-1 Rating: moderate References: 1142529 Cross-References: CVE-2019-14241 Affected Products: openSUSE Leap 15.0 An update that fixes one vulnerability is now available. Description: This update for haproxy ...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.2.4 golang-github-prometheus-prometheus-container security update
An update for golang-github-prometheus-prometheus-container is now available for Red Hat OpenShift Container Platform 4.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
SUSE SLED15 / SLES15 Security Update : SUSE Manager Client Tools (SUSE-SU-2019:2317-1)
This update fixes the following issues : golang-github-prometheus-prometheus : Add support for Uyuni/SUSE Manager service discovery + Added 0003-Add-Uyuni-service-discovery Readded service file removed in error. Update to 2.11.1 + Bug Fix : - Fix potential panic when prometheus is watching multip...
SUSE-SU-2019:2317-1 Security update for SUSE Manager Client Tools
This update fixes the following issues: golang-github-prometheus-prometheus: - Add support for Uyuni/SUSE Manager service discovery + Added 0003-Add-Uyuni-service-discovery - Readded service file removed in error. - Update to 2.11.1 + Bug Fix: Fix potential panic when prometheus is watching...
SUSE-SU-2019:2312-1 Security update for SUSE Manager Client Tools
This update fixes the following issues: golang-github-prometheus-prometheus: - Add support for Uyuni/SUSE Manager service discovery + Added 0003-Add-Uyuni-service-discovery - Readded service file removed in error. - Update to 2.11.1 + Bug Fix: Fix potential panic when prometheus is watching...
Grafana Access Control Error Vulnerability
Grafana is a set of open source monitoring tools from Grafana Labs that provide a visual monitoring interface. The tool is primarily used to monitor and analyze Graphite, InfluxDB, and Prometheus, among others. An access control error vulnerability exists in Grafana, which can be exploited by an...
GitLab CE/EE Server-Side Request Forgery Vulnerability (CNVD-2019-23574)
GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. GitLab EE is the GitLab Enterprise Edition and GitLab CE is the GitLab Community Edition. A...
CVE-2018-19495
An issue was discovered in GitLab Community and Enterprise Edition before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an SSRF vulnerability in the Prometheus integration...
Design/Logic Flaw
An issue was discovered in GitLab Community and Enterprise Edition before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an SSRF vulnerability in the Prometheus integration...
CVE-2018-19495
CVE-2018-19495 affects GitLab Community and Enterprise Edition prior to versions 11.3.11, 11.4.x prior to 11.4.8, and 11.5.x prior to 11.5.1, with an SSRF vulnerability in the Prometheus integration. The issue is documented across multiple sources (NVD/OSV/CVE lists) and has a published security ...
CVE-2018-19495
Removed by vendor...
Security Bulletin: IBM Cloud Private Monitoring is vulnerable to XSS attack in Prometheus (CVE-2018-14041)
Summary: IBM Cloud Private Monitoring is vulnerable to XSS attack in Prometheus. Vulnerability Details: CVEID: CVE-2018-14041. DESCRIPTION: Bootstrap is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the data-target property of scrollspy. A remote attacker...
Prometheus Cross-Site Scripting Vulnerability
Prometheus is open source software written in the Go language for recording real-time metrics from time-series databases built using the HTTP pull model. A cross-site scripting vulnerability exists in Prometheus versions prior to 2.7.1 that stems from a lack of proper validation of client-side da...