CVE-2022-4289
Removed by vendor...
CVE-2022-4289
GitLab CVE-2022-4289 affects all versions from 15.3 up to before 15.7.8, versions 15.8 up to before 15.8.4, and 15.9 up to before 15.9.2. The issue is that Google IAP details in the Prometheus integration were not hidden and could be leaked from instance, group, or project settings to other users...
CVE-2022-4289
An issue has been discovered in GitLab affecting all versions starting from 15.3 before 15.7.8, versions of 15.8 before 15.8.4, and version 15.9 before 15.9.2. Google IAP details in Prometheus integration were not hidden, could be leaked from instance, group, or project settings to other users...
GitLab Security Vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery), and other features. A security vulnerability exists in GitLab that stems from unhidden Google IAP...
GitLab 15.3 < 15.7.8 / 15.8 < 15.8.4 / 15.9 < 15.9.2 (CVE-2022-4289)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab affecting all versions starting from 15.3 before 15.7.8, versions of 15.8 before 15.8.4, and version 15.9 before 15.9.2. Google IAP details in Prometheus...
AZL-25938 CVE-2022-3162 affecting package prometheus-adapter for versions less than 0.10.0-17
Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions...
SUSE SLES12 Security Update : prometheus-ha_cluster_exporter (SUSE-SU-2023:0467-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:0467-1 advisory. - Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a...
SUSE-SU-2023:0467-1 Security update for prometheus-ha_cluster_exporter
This update for prometheus-ha_cluster_exporter fixes the following issues: Updated to version 1.3.1: - CVE-2022-46146: Fixed authentication bypass via cache poisoning in prometheus/exporter-toolkit bsc1208046, bsc1208047...
SUSE SLES15 / openSUSE 15 Security Update : prometheus-ha_cluster_exporter (SUSE-SU-2023:0465-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:0465-1 advisory. - Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has acces...
SUSE SLES15 Security Update : prometheus-ha_cluster_exporter (SUSE-SU-2023:0460-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:0460-1 advisory. - Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a...
SUSE-SU-2023:0465-1 Security update for prometheus-ha_cluster_exporter
This update for prometheus-ha_cluster_exporter fixes the following issues: Updated to version 1.3.1: - CVE-2022-46146: Fixed authentication bypass via cache poisoning in prometheus/exporter-toolkit bsc1208046, bsc1208047...
SUSE-SU-2023:0460-1 Security update for prometheus-ha_cluster_exporter
This update for prometheus-ha_cluster_exporter fixes the following issues: Updated to version 1.3.1: - CVE-2022-46146: Fixed authentication bypass via cache poisoning in prometheus/exporter-toolkit bsc1208046, bsc1208047...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.11.27 security update
Red Hat OpenShift Container Platform release 4.11.27 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, whic...
SUSE CVE-2018-1002104
Versions 1.5 of the Kubernetes ingress default backend, which handles invalid ingress traffic, exposed prometheus metrics publicly...
SUSE CVE-2019-3826
A stored, DOM-based cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scripts...
SUSE CVE-2021-29622
Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the New ui. To ensure a seamless transition, the URLs prefixed by /new redirect to /. Due to a bug in the code, it is possible for an attacker to craft a URL that can redirec...
SUSE CVE-2022-21698
client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...
GitLab < 15.5.7 / 15.6 < 15.6.4 / 15.7 < 15.7.2 DoS (CVE-2022-3613)
The version of GitLab installed on the remote host is prior to 15.5.7, 15.6.4, 15.7.2. It is, therefore, affected by a denial of service vulnerability as referenced in the SECURITY-RELEASE-GITLAB-15-7-2-RELEASED advisory. - An issue has been discovered in GitLab CE/EE affecting all versions befor...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.11.26 security update
Red Hat OpenShift Container Platform release 4.11.26 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, whic...
FreeBSD : node_exporter -- bypass security with cache poisoning (d835c54f-a4bd-11ed-b6af-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the d835c54f-a4bd-11ed-b6af-b42e991fc52e advisory. - Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8....