Fedora 41 : prometheus-podman-exporter (2024-28e375f8ca)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-28e375f8ca advisory. release 1.13.3 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...

Fedora 37 : golang-github-prometheus-client (2022-d8881cf797)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-d8881cf797 advisory. Automatic update for golang-github-prometheus-client-1.12.2-1.fc37. Changelog Wed Jun 22 2022 Maxwell G 1.12.2-1 - Update to 1.12.1 Close: rhbz2042592...

CVE-2023-45288 affecting package prometheus for versions less than 2.45.4-4

CVE-2023-45288 affecting package prometheus for versions less than 2.45.4-4. A patched version of the package is available...

CVE-2023-45288 affecting package prometheus for versions less than 2.37.9-2

CVE-2023-45288 affecting package prometheus for versions less than 2.37.9-2. A patched version of the package is available...

CVE-2023-39325 affecting package prometheus for versions less than 2.37.9-2

CVE-2023-39325 affecting package prometheus for versions less than 2.37.9-2. A patched version of the package is available...

BIT-ALERTMANAGER-2023-40577 Alertmanager UI is vulnerable to stored XSS via the /api/v1/alerts endpoint

Alertmanager handles alerts sent by client applications such as the Prometheus server. An attacker with the permission to perform POST requests on the /api/v1/alerts endpoint could be able to execute arbitrary JavaScript code on the users of Prometheus Alertmanager. This issue has been fixed in...

BIT-RABBITMQ-2024-51988 HTTP API's queue deletion endpoint does not verify that the user has a required permission

RabbitMQ is a feature rich, multi-protocol messaging and streaming broker. In affected versions queue deletion via the HTTP API was not verifying the configure permission of the user. Users who had all of the following: 1. Valid credentials, 2. Some permissions for the target virtual host & 3. HT...

CVE-2024-51988 HTTP API's queue deletion endpoint does not verify that the user has a required permission

RabbitMQ is a feature rich, multi-protocol messaging and streaming broker. In affected versions queue deletion via the HTTP API was not verifying the configure permission of the user. Users who had all of the following: 1. Valid credentials, 2. Some permissions for the target virtual host & 3. HT...

CVE-2024-51988 HTTP API's queue deletion endpoint does not verify that the user has a required permission

RabbitMQ is a feature rich, multi-protocol messaging and streaming broker. In affected versions queue deletion via the HTTP API was not verifying the configure permission of the user. Users who had all of the following: 1. Valid credentials, 2. Some permissions for the target virtual host & 3. HT...

CVE-2024-51988

CVE-2024-51988 affects RabbitMQ: queue deletion via the HTTP API could bypass the configure permission, allowing users with credentials, some vhost permissions, and HTTP API access to delete queues they should not. Affected versions include Open Source RabbitMQ up to 3.12.10 (fixed in 3.12.11) an...

AZL-52266 CVE-2024-51744 affecting package prometheus for versions less than 2.37.9-4

golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...

AZL-52210 CVE-2024-51744 affecting package prometheus for versions less than 2.45.4-12

golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...

[SECURITY] Fedora 40 Update: prometheus-podman-exporter-1.13.3-1.fc40

Prometheus exporter for podman environments exposing containers, pods, images, volumes and networks information...

[SECURITY] Fedora 39 Update: prometheus-podman-exporter-1.13.3-1.fc39

Prometheus exporter for podman environments exposing containers, pods, images, volumes and networks information...

Fedora 40 : prometheus-podman-exporter (2024-69528c0ba6)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-69528c0ba6 advisory. release 1.13.3 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...

Fedora 39 : prometheus-podman-exporter (2024-ee9f0f22b6)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-ee9f0f22b6 advisory. release 1.13.3 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...

Fedora: Security Advisory (FEDORA-2024-ee9f0f22b6)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2024-69528c0ba6)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 41 Update: prometheus-podman-exporter-1.13.3-1.fc41

Prometheus exporter for podman environments exposing containers, pods, images, volumes and networks information...

CVE-2024-24786 affecting package prometheus for versions less than 2.37.9-1

CVE-2024-24786 affecting package prometheus for versions less than 2.37.9-1. A patched version of the package is available...