Envoy Admin Interface Exposed through prometheus metrics endpoint

Impact A user with access to a Kubernetes cluster where Envoy Gateway is installed can use a path traversal attack to execute Envoy Admin interface commands on proxies managed by Envoy Gateway. The admin interface can be used to terminate the Envoy process and extract the Envoy configuration...

CVE-2025-24030 Envoy Admin Interface Exposed through prometheus metrics endpoint

Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. A user with access to the Kubernetes cluster can use a path traversal attack to execute Envoy Admin interface commands on proxies managed by any version of Envoy Gateway prior...

CVE-2025-24030 Envoy Admin Interface Exposed through prometheus metrics endpoint

Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. A user with access to the Kubernetes cluster can use a path traversal attack to execute Envoy Admin interface commands on proxies managed by any version of Envoy Gateway prior...

PT-2025-5269

Name of the Vulnerable Software and Affected Versions: Envoy Gateway versions prior to 1.2.6 Description: A user with access to the Kubernetes cluster can use a path traversal attack to execute Envoy Admin interface commands on proxies managed by Envoy Gateway. The admin interface can be used to...

CVE-2024-11218 vulnerabilities

Vulnerabilities for packages: buildah, podman, prometheus-podman-exporter...

CVE-2024-11218 vulnerabilities

Vulnerabilities for packages: buildah, podman...

CVE-2024-45338 affecting package prometheus-adapter for versions less than 0.12.0-2

CVE-2024-45338 affecting package prometheus-adapter for versions less than 0.12.0-2. A patched version of the package is available...

GHSA-5VPC-35F4-R8W6 vulnerabilities

Vulnerabilities for packages: buildah, podman, prometheus-podman-exporter...

GHSA-5VPC-35F4-R8W6 vulnerabilities

Vulnerabilities for packages: buildah, podman...

OPENSUSE-SU-2025:14660-1 golang-github-prometheus-prometheus-3.1.0-1.1 on GA media

These are all security issues fixed in the golang-github-prometheus-prometheus-3.1.0-1.1 package on the GA media of openSUSE Tumbleweed...

CVE-2024-45338 affecting package prometheus-adapter for versions less than 0.10.0-16

CVE-2024-45338 affecting package prometheus-adapter for versions less than 0.10.0-16. A patched version of the package is available...

data-agora (=0.1.1), dtx (>=0.31.0 <=0.34.0) +10 more potentially affected by CVE-2024-10044 via fastchat (=0.1.0)

fastchat PYPI version =0.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on fastchat and may be impacted: - data-agora =0.1.1 - dtx =0.31.0, =0.2.0, =0.18.3, =0.0.2, =0.4.0, =0.0.1, =0.1.3, =0.1.0, =0.1.0, =0.1.1 Source cves: CVE-2024-10044 Source...

[SECURITY] Fedora 41 Update: prometheus-podman-exporter-1.14.0-1.fc41

Prometheus exporter for podman environments exposing containers, pods, images, volumes and networks information...

[SECURITY] Fedora 40 Update: prometheus-podman-exporter-1.14.0-1.fc40

Prometheus exporter for podman environments exposing containers, pods, images, volumes and networks information...

Fedora 41 : prometheus-podman-exporter (2024-8d1b3f4466)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-8d1b3f4466 advisory. release v1.14.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...

Fedora 40 : prometheus-podman-exporter (2024-f2a4ffc1ff)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-f2a4ffc1ff advisory. release v1.14.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...

Fedora: Security Advisory (FEDORA-2024-f2a4ffc1ff)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GHSA-W32M-9786-JP63 vulnerabilities

Vulnerabilities for packages: helm-operator, velero-plugin-for-microsoft-azure, velero-plugin-for-csi, rqlite, cloudnative-pg, cert-manager-istio-csr, opensearch-k8s-operator, crossplane-provider-azure-managedidentity, terraform-provider-aws, cloudflared, kubescape, victoriametrics-cluster,...

AZL-54398 CVE-2024-45338 affecting package prometheus-adapter for versions less than 0.12.0-2

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...

AZL-54522 CVE-2024-45338 affecting package prometheus-adapter for versions less than 0.10.0-16

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...