1406 matches found
OPENSUSE-SU-2025:15178-1 golang-github-prometheus-alertmanager-0.28.1-2.1 on GA media
These are all security issues fixed in the golang-github-prometheus-alertmanager-0.28.1-2.1 package on the GA media of openSUSE Tumbleweed...
prometheus-blackbox_exporter-0.24.0-3.1 on GA media (moderate)
prometheus-blackbox_exporter-0.24.0-3.1 on GA media. Announcement ID: openSUSE-SU-2025:15162-1. Rating: moderate. Cross-References: CVE-2023-45288, CVE-2025-22870. CVSS scores: CVE-2023-45288 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L; CVE-2023-45288 (SUSE): 6.9...
OPENSUSE-SU-2025:15162-1 prometheus-blackbox_exporter-0.24.0-3.1 on GA media
These are all security issues fixed in the prometheus-blackbox_exporter-0.24.0-3.1 package on the GA media of openSUSE Tumbleweed...
Fedora: Security Advisory (FEDORA-2025-12ac4e9cfd)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
Fedora: Security Advisory (FEDORA-2024-8d1b3f4466)
The remote host is missing an update for the...
Fedora: Security Advisory (FEDORA-2024-28e375f8ca)
The remote host is missing an update for the...
CVE-2024-52307
authentik is an open-source identity provider. Due to the usage of a non-constant time comparison for the /-/metrics/ endpoint, it was possible to brute-force the SECRET_KEY, which is used to authenticate the endpoint. The /-/metrics/ endpoint returns Prometheus metrics and is not intended to be...
CVE-2024-28867
Swift Prometheus is a Swift client for the Prometheus monitoring system, supporting counters, gauges and histograms. In code which applies un-sanitized string values into metric names or labels, an attacker could make use of this and send a ?lang query parameter containing newlines, or similar...
CVE-2024-12564
Exposure of Sensitive Information to an Unauthorized Actor vulnerability was discovered in Open Design Alliance CDE inWEB SDK before 2025.3. Installing CDE Server with default settings allows unauthorized users to visit prometheus metrics page. This can allow attackers to understand more things...
CVE-2024-34045
The O-RAN E2T I-Release Prometheus metric Increment function can crash in sctpThread.cpp for message.peerInfo->counters[IN_INITI][MSG_COUNTER][ProcedureCode_id_E2setup]->Increment...
CVE-2023-27591
Miniflux is a feed reader. Prior to version 2.0.43, an unauthenticated user can retrieve Prometheus metrics from a publicly reachable Miniflux instance where the METRICS_COLLECTOR configuration option is enabled and METRICS_ALLOWED_NETWORKS is set to 127.0.0.1/8 (the default). A patch is available in...
CVE-2023-1733
A denial of service condition exists in the Prometheus server bundled with GitLab affecting all versions from 11.10 to 15.8.5, 15.9 to 15.9.4 and 15.10 to 15.10.1...
CVE-2022-4289
An issue has been discovered in GitLab affecting all versions starting from 15.3 before 15.7.8, versions of 15.8 before 15.8.4, and version 15.9 before 15.9.2. Google IAP details in Prometheus integration were not hidden, could be leaked from instance, group, or project settings to other users...
CVE-2020-16248
Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF. NOTE: follow-on discussion suggests that this might plausibly be interpreted as both intended functionality and also a vulnerability...
golang-github-prometheus-node_exporter-1.9.1-3.1 on GA media (moderate)
golang-github-prometheus-node_exporter-1.9.1-3.1 on GA media. Announcement ID: openSUSE-SU-2025:15075-1. Rating: moderate. Cross-References: CVE-2023-45288. CVSS scores: CVE-2023-45288 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L; CVE-2023-45288 (SUSE): 6.9...
OPENSUSE-SU-2025:15075-1 golang-github-prometheus-node_exporter-1.9.1-3.1 on GA media
These are all security issues fixed in the golang-github-prometheus-node_exporter-1.9.1-3.1 package on the GA media of openSUSE Tumbleweed...
CVE-2025-22872 affecting package prometheus-adapter for versions less than 0.12.0-3
CVE-2025-22872 affecting package prometheus-adapter for versions less than 0.12.0-3. A patched version of the package is available...
CVE-2024-51744 affecting package prometheus for versions less than 2.45.4-12
CVE-2024-51744 affecting package prometheus for versions less than 2.45.4-12. A patched version of the package is available...
CVE-2025-22870 affecting package prometheus for versions less than 2.45.4-12
CVE-2025-22870 affecting package prometheus for versions less than 2.45.4-12. A patched version of the package is available...
SUSE CVE-2025-3454
This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...