1423 matches found

Cvelist
added 2018/12/04 11:0 p.m. | 19 views

CVE-2018-18644

An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows Information Exposure via a Gitlab Prometheus integration...

6.6 AI score | 0.00113 EPSS
Exploits: 1 | References: 2
Wallarm Lab
added 2018/12/01 6:41 a.m. | 123 views

Wallarm to Sponsor KubeCon + CloudNative Con

If you have not registered yet for the main Kubernetes event in North America which will start on December 10th in Seattle, you may be out of luck. The event is sold out and is only taking the waitlist applications. But if you are going, KubeCon + CloudNativeCon promises to be a treat with the...

6.8 AI score
Exploits: 0
Wallarm Lab
added 2018/11/29 4:6 a.m. | 61 views

Happy graduation, Envoy!

Envoy, the new darling of the DevOps community, performs the role of a service and edge proxy. With advanced features such as timeouts, rate limiting, circuit breaking, load balancing, retries, stats, logging, and distributed tracing are required to handle network failures in a fault tolerant and...

7 AI score
Exploits: 0
Wallarm Lab
added 2018/10/29 7:15 p.m. | 66 views

Wallarm joins CNCF to promote Kubernetes security

Wallarm has recently joined the Linux Foundation and its sister organization, Cloud Native Computing Foundation. Wallarm will be contributing its AI/ML security expertise within the LF and CNCF communities to support the sustainability and adoption of open source technologies. Wallarm and its...

0.3 AI score
Exploits: 0
FreeBSD
added 2018/10/29 12:0 a.m. | 510 views

Gitlab -- multiple vulnerabilities

Gitlab reports: RCE in Gitlab Wiki API; SSRF in Hipchat integration; Cleartext storage of personal access tokens; Information exposure through stack trace error message; Persistent XSS autocomplete; Information exposure in stored browser history; Information exposure when replying to issues through ema...

9.8 CVSS | 0.7 AI score | 0.54969 EPSS
Exploits: 7 | References: 1
Wallarm Lab
added 2018/08/21 4:58 p.m. | 45 views

What’s New in Wallarm Node 2.10

We have recently released a new version of Wallarm Node. After your next update window, you will see some new features your DevOps team is certain to like. Firstly, your monitoring and reporting got a lot livelier. Starting with this version in addition to JSON format metrics can be exported in...

0.3 AI score
Exploits: 0
Prion
added 2018/07/27 2:29 a.m. | 19 views

Information disclosure

An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. Information Disclosure can occur because the Prometheus metrics feature discloses private project pathnames...

5 CVSS | 7.2 AI score | 0.001 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
NVD
added 2018/07/27 2:29 a.m. | 22 views

CVE-2018-14602

An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. Information Disclosure can occur because the Prometheus metrics feature discloses private project pathnames...

7.5 CVSS | 7.3 AI score | 0.001 EPSS
Exploits: 0 | References: 2
UbuntuCve
added 2018/07/27 2:29 a.m. | 26 views

CVE-2018-14602

An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. Information Disclosure can occur because the Prometheus metrics feature discloses private project pathnames...

7.5 CVSS | 7.1 AI score | 0.001 EPSS
Exploits: 0 | References: 2
Debian CVE
added 2018/07/27 2:0 a.m. | 29 views

CVE-2018-14602

Removed by vendor...

7.5 CVSS | 7.1 AI score | 0.001 EPSS
Exploits: 0
Cvelist
added 2018/07/27 2:0 a.m. | 23 views

CVE-2018-14602

An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. Information Disclosure can occur because the Prometheus metrics feature discloses private project pathnames...

7.4 AI score | 0.001 EPSS
Exploits: 0 | References: 2
CVE
added 2018/07/27 2:0 a.m. | 77 views

CVE-2018-14602

GitLab CE/EE prior to 10.8.7, 11.0.x prior to 11.0.5, and 11.1.x prior to 11.1.2 expose private project pathnames via the Prometheus metrics endpoint, causing information disclosure. Root cause: the metrics feature reveals sensitive path information. Impact: partial confidentiality loss for priva...

7.5 CVSS | 7.1 AI score | 0.001 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
CNVD
added 2018/07/27 12:0 a.m. | 2 views

GitLab CE and EE Information Disclosure Vulnerability

GitLab is a set of open source applications developed using Ruby on Rails to implement a self-hosted Git version control system project repository, which has similar functionality to Github for accessing the contents of a project's files, commit history, bug lists, and more. An information...

7.5 CVSS | 7.2 AI score | 0.001 EPSS
Exploits: 0 | References: 1
Veracode
added 2018/07/02 10:24 a.m. | 11 views

Denial Of Service (DoS)

github.com/prometheus/prometheus is vulnerable to denial of service (DoS) attacks. The application does not restrict the size of a POST request body, allowing a malicious client to write an arbitrary amount of data to the server to cause an out-of-memory exception that can crash the application...

6.6 AI score
Exploits: 0
Fedora
added 2018/06/23 8:48 p.m. | 24 views

[SECURITY] Fedora 28 Update: python-prometheus_client-0.2.0-1.fc28

The Python client for Prometheus...

7.5 CVSS | 1.8 AI score | 0.003 EPSS
Exploits: 0
Hacker One
added 2018/01/17 12:4 a.m. | 41 views

Slack: Information leakage and default open port

@freem0 found Prometheus plugin output that was exposed at one of our servers. The information exposed including some OS information metrics about memory usage, but no customer data was at risk and no exploit was possible. Thank you @freem0!...

2.4 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 13 views

Jason Orcutt Prometheus 3.0/4.0/6.0 - Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6087/info Prometheus is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. This issue is present in several PHP script files provided with Prometheus. An attacker may...

7.1 AI score
Exploits: 0
CVE
added 2004/09/01 4:0 a.m. | 61 views

CVE-2002-1211

Prometheus 6.0 and earlier is vulnerable to remote PHP code execution via a tainted PROMETHEUS_LIBRARY_BASE that can be set to a remote server and loaded by index.php, install.php, or test_*.php. The underlying flaw is the conditional inclusion of files (autoload.lib, prometheus-lib.path) based o...

7.5 CVSS | 7.4 AI score | 0.07248 EPSS
Exploits: 1 | References: 5 | Affected Software: 1
Cvelist
added 2004/09/01 4:0 a.m. | 19 views

CVE-2002-1211

Prometheus 6.0 and earlier allows remote attackers to execute arbitrary PHP code via a modified PROMETHEUS_LIBRARY_BASE that points to code stored on a remote server, which is then used in (1) index.php, (2) install.php, or (3) various test_*.php scripts...

7.4 AI score | 0.07248 EPSS
Exploits: 1 | References: 5
NVD
added 2002/11/12 5:0 a.m. | 18 views

CVE-2002-1211

Prometheus 6.0 and earlier allows remote attackers to execute arbitrary PHP code via a modified PROMETHEUS_LIBRARY_BASE that points to code stored on a remote server, which is then used in (1) index.php, (2) install.php, or (3) various test_*.php scripts...

7.5 CVSS | 7.4 AI score | 0.07248 EPSS
Exploits: 1 | References: 5