1410 matches found
PT-2023-17198 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 11.10 through 15.8.5 GitLab versions 15.9 through 15.9.4 GitLab versions 15.10 through 15.10.1 Description: A denial of service condition exists in the Prometheus server bundled with GitLab. This issue affects various versions...
GitLab 11.10 < 15.8.5 / 15.9 < 15.9.4 / 15.10 < 15.10.1 (CVE-2023-1733)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - A denial of service condition exists in the Prometheus server bundled with GitLab affecting all versions from 11.10 to 15.8.5, 15.9 to 15.9.4 and 15.10 to 15.10.1. CVE-2023-1733 Note that Nessus has n...
GitLab 安全漏洞
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab Community Edition and GitLab...
CVE-2023-44487 affecting package prometheus-adapter for versions less than 0.10.0-2
CVE-2023-44487 affecting package prometheus-adapter for versions less than 0.10.0-2. A patched version of the package is available...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : grafana (SUSE-SU-2023:0821-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0821-1 advisory. - Grafana is an open-source platform for monitoring and observability. Starting with the 8.1...
CVE-2023-27591
Miniflux is a feed reader. Prior to version 2.0.43, an unauthenticated user can retrieve Prometheus metrics from a publicly reachable Miniflux instance where the METRICSCOLLECTOR configuration option is enabled and METRICSALLOWEDNETWORKS is set to 127.0.0.1/8 the default. A patch is available in...
Default configuration
Miniflux is a feed reader. Prior to version 2.0.43, an unauthenticated user can retrieve Prometheus metrics from a publicly reachable Miniflux instance where the METRICSCOLLECTOR configuration option is enabled and METRICSALLOWEDNETWORKS is set to 127.0.0.1/8 the default. A patch is available in...
CVE-2023-27591 Unauthenticated Miniflux user can bypass allowed networks check to obtain Prometheus metrics
Miniflux is a feed reader. Prior to version 2.0.43, an unauthenticated user can retrieve Prometheus metrics from a publicly reachable Miniflux instance where the METRICSCOLLECTOR configuration option is enabled and METRICSALLOWEDNETWORKS is set to 127.0.0.1/8 the default. A patch is available in...
CVE-2023-27591 Unauthenticated Miniflux user can bypass allowed networks check to obtain Prometheus metrics
Miniflux is a feed reader. Prior to version 2.0.43, an unauthenticated user can retrieve Prometheus metrics from a publicly reachable Miniflux instance where the METRICSCOLLECTOR configuration option is enabled and METRICSALLOWEDNETWORKS is set to 127.0.0.1/8 the default. A patch is available in...
CVE-2023-27591
Miniflux is a feed reader. Prior to version 2.0.43, an unauthenticated user can retrieve Prometheus metrics from a publicly reachable Miniflux instance where the METRICSCOLLECTOR configuration option is enabled and METRICSALLOWEDNETWORKS is set to 127.0.0.1/8 the default. A patch is available in...
CVE-2023-27591 Unauthenticated Miniflux user can bypass allowed networks check to obtain Prometheus metrics
Miniflux is a feed reader. Prior to version 2.0.43, an unauthenticated user can retrieve Prometheus metrics from a publicly reachable Miniflux instance where the METRICSCOLLECTOR configuration option is enabled and METRICSALLOWEDNETWORKS is set to 127.0.0.1/8 the default. A patch is available in...
CVE-2023-27591
CVE-2023-27591 affects Miniflux prior to v2.0.43. An unauthenticated user could retrieve Prometheus metrics from a publicly reachable Miniflux instance when the metrics collector is enabled and METRICS_ALLOWED_NETWORKS is set to 127.0.0.1/8 (default). A patch is available in Miniflux v2.0.43. Wor...
Miniflux 安全漏洞
Miniflux is a minimalist synopsis reader. A security vulnerability exists in Miniflux versions prior to 2.0.43. An attacker exploiting this vulnerability could access Prometheus metrics...
PT-2023-21231 · Miniflux · Miniflux
Name of the Vulnerable Software and Affected Versions: Miniflux versions prior to 2.0.43 Description: Miniflux is a feed reader. Prior to version 2.0.43, an unauthenticated user can retrieve Prometheus metrics from a publicly reachable Miniflux instance where the METRICS COLLECTOR configuration...
CVE-2022-4289
An issue has been discovered in GitLab affecting all versions starting from 15.3 before 15.7.8, versions of 15.8 before 15.8.4, and version 15.9 before 15.9.2. Google IAP details in Prometheus integration were not hidden, could be leaked from instance, group, or project settings to other users...
Design/Logic Flaw
An issue has been discovered in GitLab affecting all versions starting from 15.3 before 15.7.8, versions of 15.8 before 15.8.4, and version 15.9 before 15.9.2. Google IAP details in Prometheus integration were not hidden, could be leaked from instance, group, or project settings to other users...
CVE-2022-4289
An issue has been discovered in GitLab affecting all versions starting from 15.3 before 15.7.8, versions of 15.8 before 15.8.4, and version 15.9 before 15.9.2. Google IAP details in Prometheus integration were not hidden, could be leaked from instance, group, or project settings to other users...
UBUNTU-CVE-2022-4289
An issue has been discovered in GitLab affecting all versions starting from 15.3 before 15.7.8, versions of 15.8 before 15.8.4, and version 15.9 before 15.9.2. Google IAP details in Prometheus integration were not hidden, could be leaked from instance, group, or project settings to other users...
CVE-2022-4289
An issue has been discovered in GitLab affecting all versions starting from 15.3 before 15.7.8, versions of 15.8 before 15.8.4, and version 15.9 before 15.9.2. Google IAP details in Prometheus integration were not hidden, could be leaked from instance, group, or project settings to other users...
PT-2023-14158 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 15.3 through 15.7.7 GitLab versions 15.8.0 through 15.8.3 GitLab versions 15.9.0 through 15.9.1 Description: An issue has been discovered in GitLab where Google IAP details in Prometheus integration were not hidden and could b...