Report Generation Fails with "lookup prometheus-server-exp: no such host"

Challenge After enabling Veeam Kasten for Kubernetes reports, reports are not generated. When running an on-demand report policy, the following error message is observed within the executor logs: "message":"Post "http://prometheus-server-exp:80/k10/prometheus/api/v1/query": dial tcp: lookup...

GHSA-M5VV-6R4H-3VJ9 vulnerabilities

Vulnerabilities for packages: py3-azure-identity, grafana-agent-operator, terragrunt, hugo-extended, pulumi, trino, prometheus, falcoctl-fips, rook, goreleaser, k8sgpt, tekton-chains, boring-registry, cortex, zarf, keda-fips, trivy, teleport, sigstore-scaffolding-fips, grafana, spire-server,...

CVE-2024-35255 vulnerabilities

Vulnerabilities for packages: thanos, tkn, hugo, airflow, flux-source-controller, teleport, fluent-bit-plugin-loki, policy-controller, flux, velero, boring-registry, py3-azure-identity, timestamp-authority, zarf, cortex, datadog-agent, falcoctl, sops, cosign, flux-kustomize-controller, bank-vault...

AZL-42646 CVE-2024-35255 affecting package prometheus for versions less than 2.45.4-12

Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability...

[SECURITY] Fedora 39 Update: prometheus-podman-exporter-1.12.0-1.fc39

Prometheus exporter for podman environments exposing containers, pods, images, volumes and networks information...

[SECURITY] Fedora 40 Update: prometheus-podman-exporter-1.12.0-1.fc40

Prometheus exporter for podman environments exposing containers, pods, images, volumes and networks information...

Fedora 39 : prometheus-podman-exporter (2024-1bae1999ba)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-1bae1999ba advisory. release 1.12.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this iss...

Fedora: Security Advisory (FEDORA-2024-2f8a62d6d6)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 40 : prometheus-podman-exporter (2024-2f8a62d6d6)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-2f8a62d6d6 advisory. release 1.12.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this iss...

Fedora: Security Advisory (FEDORA-2024-1bae1999ba)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-24789 vulnerabilities

Vulnerabilities for packages: buildah, prometheus-nats-exporter, crossplane-provider-gcp, kube-vip-fips, amass, gosu, k9s, nri-discovery-kubernetes, nats, gh, k8s-device-plugin, kube-bench, kwok, k8sgpt, mods, boring-registry, kube-logging-operator, kuberay-operator, cert-exporter,...

CVE-2024-24786 affecting package prometheus-adapter for versions less than 0.10.0-12

CVE-2024-24786 affecting package prometheus-adapter for versions less than 0.10.0-12. A patched version of the package is available...

GitLab 13.7 < 13.7.2 (CVE-2021-22166)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method CVE-2021-22166 Note that Nessus has not tested for this issue but has instead...

GitLab 13.2 < 13.6.7 / 13.7 < 13.7.7 / 13.8 < 13.8.4 (CVE-2021-22178)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab affecting all versions starting from 13.2. Gitlab was vulnerable to SRRF attack through the Prometheus integration. CVE-2021-22178 Note that Nessus has not teste...

GHSA-XC3P-28HW-Q24G Grafana proxy Cross-site Scripting

Today we are releasing Grafana 8.3.5 and 7.5.15. This patch release includes MEDIUM severity security fix for XSS for Grafana. Release v.8.3.5, only containing security fixes: - Download Grafana 8.3.5 - Release notes Release v.7.5.15, only containing security fixes: - Download Grafana 7.5.15 -...

Security Bulletin: IBM Storage Fusion HCI is vulnerable to denial of service, authentication bypass, and incorrect privilege assignment due to Golang vulnerabilities.

Summary IBM Storage Fusion HCI uses Golang packages that may cause Fusion to be vulnerable to denial of service, authentication bypass, and incorrect privilege assignment. CVE-2018-20699, CVE-2023-48795, CVE-2022-21698, CVE-2021-41190, CVE-2023-39325, CVE-2022-29526, CVE-2023-45288. Vulnerability...

RHEL 7 : prometheus_client_golang (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - prometheus/clientgolang: Denial of service using InstrumentHandlerCounter CVE-2022-21698 Note that Nessus has not...

CVE-2024-24788 vulnerabilities

Vulnerabilities for packages: prometheus-nats-exporter, crossplane-provider-gcp, gosu, k9s, kube-bench, kwok, k8sgpt, mods, boring-registry, cert-exporter, k3d, certificate-transparency-fips, kubernetes-dashboard-metrics-scraper, melange, flux-source-controller, kubernetes-dashboard, kubescape,...

CVE-2024-34045

The O-RAN E2T I-Release Prometheus metric Increment function can crash in sctpThread.cpp for message.peerInfo-countersININITIMSGCOUNTERProcedureCodeidE2setup-Increment...

CVE-2024-34046

The O-RAN E2T I-Release Prometheus metric Increment function can crash in sctpThread.cpp for message.peerInfo-sctpParams-e2tCountersINSUCCMSGCOUNTERProcedureCodeidRICsubscription-Increment...