SUSE CVE-2023-40577
Alertmanager handles alerts sent by client applications such as the Prometheus server. An attacker with the permission to perform POST requests on the /api/v1/alerts endpoint could be able to execute arbitrary JavaScript code on the users of Prometheus Alertmanager. This issue has been fixed in...
GLSA-202401-15 : Prometheus SNMP Exporter: Basic Authentication Bypass
The remote host is affected by the vulnerability described in GLSA-202401-15 (Prometheus SNMP Exporter: Basic Authentication Bypass). Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a Prometheus web.yml file and users...
Prometheus SNMP Exporter: Basic Authentication Bypass
Background: The Prometheus SNMP Exporter is the recommended way to expose SNMP data in a format which Prometheus can ingest. Description: A vulnerability has been discovered in Prometheus SNMP Exporter. Please review the CVE identifier referenced below for details. Impact: A user who knows the...
GitLab 0.0 < 15.5.7 / 15.6 < 15.6.4 / 15.7 < 15.7.2 (CVE-2022-3613)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A crafted Prometheus...
CVE-2022-39337 Permission bypass due to incorrect configuration in github.com/dromara/hertzbeat
Hertzbeat is an open source, real-time monitoring system with custom monitoring, a high-performance cluster, Prometheus-like and agentless. Hertzbeat versions 1.20 and prior have a permission bypass vulnerability. System authentication can be bypassed, allowing interfaces to be invoked without authorization...
GHSA-45X7-PX36-X8W8 vulnerabilities
Vulnerabilities for packages: falcoctl-fips, terraform-docs, eksctl, rqlite, trillian, cloud-sql-proxy-fips, terraform-provider-aws, crossplane-provider-azure-managedidentity, cloudflared, kubescape, kiam, node-problem-detector, aactl, crossplane, src-fingerprint, kube-state-metrics,...
Withdrawn Advisory: Prometheus XSS Vulnerability
Withdrawn Advisory: This advisory has been withdrawn because the vulnerability does not apply to the Prometheus golang package. This link is maintained to preserve external references. Original Description: A stored, DOM-based cross-site scripting (XSS) flaw was found in Prometheus before version...
olcne security update
conmon: 2.1.3-7 - Resolve CVE-2023-39325; 2.1.3-6 - Add ol8baseoslatest, and ol9baseoslatest, to Jenkinsfile; 2.1.3-5 - Add systemd-devel as build requirement; 2.1.3-4 - Add support ARM build; 2.1.3.3 - Add OL9 support; 2.1.3.2 - Update inline with Linux team building conmon for all but OL7. cri-o...
CVE-2023-45285 vulnerabilities
Vulnerabilities for packages: protoc-gen-go-grpc, prometheus-statsd-exporter-fips, docker-cli, helm-push, hey, gobuster, slsa-verifier, cni-plugins-fips, gops, cass-operator-fips, dgraph, prometheus-bind-exporter, oras, prometheus-beat-exporter-fips, gke-gcloud-auth-plugin,...
CVE-2023-45286 vulnerabilities
Vulnerabilities for packages: rclone...
PT-2023-30962
Name of the Vulnerable Software and Affected Versions Apache DolphinScheduler versions 3.0.0 through 3.0.1 Description The issue concerns the exposure of sensitive information to unauthorized actors, potentially including database credentials. This exposure can occur in Apache DolphinScheduler,...
[SECURITY] Fedora 38 Update: prometheus-podman-exporter-1.5.0-1.fc38
Prometheus exporter for podman environments exposing containers, pods, images, volumes and networks information...
[SECURITY] Fedora 39 Update: prometheus-podman-exporter-1.5.0-1.fc39
Prometheus exporter for podman environments exposing containers, pods, images, volumes and networks information...
[SECURITY] Fedora 37 Update: prometheus-podman-exporter-1.5.0-1.fc37
Prometheus exporter for podman environments exposing containers, pods, images, volumes and networks information...
Fedora: Security Advisory for prometheus-podman-exporter (FEDORA-2023-b43faebc9f)
The remote host is missing an update for the...
Fedora: Security Advisory (FEDORA-2023-b75ee820ce)
The remote host is missing an update for the...
Fedora: Security Advisory for prometheus-podman-exporter (FEDORA-2023-b60ff8c9ec)
The remote host is missing an update for the...
Fedora 37 : prometheus-podman-exporter (2023-b60ff8c9ec)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-b60ff8c9ec advisory: release v1.5.0 + security fix for CVE-2023-39325. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
CBL Mariner 2.0 Security Update: application-gateway-kubernetes-ingress / cri-o / keda / kube-vip-cloud-provider / kured / moby-engine / node-problem-detector (CVE-2022-21698)
The version of application-gateway-kubernetes-ingress / cri-o / keda / kube-vip-cloud-provider / kured / moby-engine / node-problem-detector installed on the remote CBL Mariner 2.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-21698...
Fedora 38 : prometheus-podman-exporter (2023-b43faebc9f)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-b43faebc9f advisory: release v1.5.0 + security fix for CVE-2023-39325. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...