Lucene search
K

148 matches found

Tenable Nessus
Tenable Nessus
added 2025/06/16 12:0 a.m.10 views

TencentOS Server 4: alertmanager (TSSA-2024:0822)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0822 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

7.5CVSS7.6AI score0.00568EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/06/06 12:0 a.m.17 views

Grafana Labs < 11.6.1+security-01 Authorization Bypass (CVE-2025-3260)

The version of Grafana Labs installed on the remote host is affected by a vulnerability as referenced in the CVE-2025-3260 advisory. Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could...

8.3CVSS7.6AI score0.00484EPSS
Exploits0References2
OSV
OSV
added 2025/06/04 2:44 p.m.3 views

BIT-GRAFANA-2025-3454

This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...

5CVSS6.5AI score0.00414EPSS
Exploits0References2
OSV
OSV
added 2025/06/02 12:30 p.m.6 views

GHSA-9J65-RV5X-4VRF Grafana's datasource proxy API allows authorization checks to be bypassed

This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...

5CVSS7AI score0.12241EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/06/02 12:30 p.m.152 views

Grafana's datasource proxy API allows authorization checks to be bypassed

This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...

6.8CVSS6.5AI score0.12241EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/06/02 11:15 a.m.3 views

UBUNTU-CVE-2025-3454

This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...

5CVSS6.8AI score0.00414EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/06/02 10:34 a.m.7 views

CVE-2025-3454

This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...

5CVSS6.6AI score0.00414EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/02 10:34 a.m.43 views

CVE-2025-3454

This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...

5CVSS0.00414EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/06/02 10:34 a.m.12 views

CVE-2025-3454

This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...

5CVSS5.4AI score0.00414EPSS
Exploits0
CVE
CVE
added 2025/06/02 10:34 a.m.322 views

CVE-2025-3454

Grafana’s CVE-2025-3454 affects the datasource proxy API, where an extra slash in the URL path bypasses authorization checks, potentially allowing read access to GET endpoints for Alertmanager and Prometheus datasources. The issue targets route-specific permission implementations and is noted in ...

5CVSS6.6AI score0.00414EPSS
Exploits0References1
Grafana
Grafana
added 2025/06/02 12:0 a.m.9 views

Authorization Bypass in Datasource Proxy

This vulnerability in Grafana’s datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...

5CVSS6.6AI score0.00414EPSS
Exploits0
OPENSUSE Linux
OPENSUSE Linux
added 2025/05/31 12:0 a.m.7 views

golang-github-prometheus-alertmanager-0.28.1-2.1 on GA media (moderate)

golang-github-prometheus-alertmanager-0.28.1-2.1 on GA media Announcement ID: openSUSE-SU-2025:15178-1 Rating: moderate Cross-References: CVE-2025-22870 CVSS scores: CVE-2025-22870 SUSE : 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2025-22870 SUSE : 4.8...

4.8CVSS7.3AI score0.00384EPSS
Exploits2
OSV
OSV
added 2025/05/30 12:0 a.m.4 views

OPENSUSE-SU-2025:15178-1 golang-github-prometheus-alertmanager-0.28.1-2.1 on GA media

These are all security issues fixed in the golang-github-prometheus-alertmanager-0.28.1-2.1 package on the GA media of openSUSE Tumbleweed...

4.4CVSS6.7AI score0.00384EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2025/05/22 8:53 p.m.5 views

CVE-2021-31231

The Alertmanager in Grafana Enterprise Metrics before 1.2.1 and Metrics Enterprise 1.2.1 has a local file disclosure vulnerability when experimental.alertmanager.enable-api is used. The HTTP basic auth passwordfile can be used as an attack vector to send any file content via a webhook. The...

5.5CVSS6.1AI score0.00277EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/04/24 11:33 a.m.2 views

SUSE CVE-2025-3454

This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...

4.3CVSS6.7AI score0.00414EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.15 views

Linux Distros Unpatched Vulnerability : CVE-2023-40577

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Alertmanager handles alerts sent by client applications such as the Prometheus server. An attacker with the permission to perform POST requests on the...

7.5CVSS7.4AI score0.00568EPSS
Exploits0References2
Wolfi
Wolfi
added 2025/02/25 3:16 p.m.32 views

GHSA-49GW-VXVF-FC2G vulnerabilities

Vulnerabilities for packages: stern, secrets-store-csi-driver-provider-gcp, kaniko, docker-credential-ecr-login, prometheus-blackbox-exporter, smarter-device-manager, nri-apache, kaf, crossplane-provider-azure, terragrunt, vault-k8s, local-static-provisioner, kubeadm-bootstrap-controller, ferretd...

5.9AI score
Exploits0
SUSE Linux
SUSE Linux
added 2025/02/14 7:19 a.m.5 views

Security update for SUSE Manager Client Tools

This update fixes the following issues: dracut-saltboot was updated to version 0.1.1728559936.c16d4fb: Added MAC based terminal naming option jscSUMA-314 golang-github-prometheus-prometheus was updated from version 2.45.6 to 2.53.3 jscPED-11649: Security issues fixed: CVE-2024-51744: Updated...

9.4CVSS8.7AI score0.04094EPSS
Exploits3References62
Tenable Nessus
Tenable Nessus
added 2024/11/14 12:0 a.m.14 views

Fedora 41 : golang-github-prometheus-alertmanager (2024-8580c06716)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-8580c06716 advisory. Automatic update for golang-github-prometheus-alertmanager-0.27.0-1.fc41. Changelog Thu Apr 18 2024 Mikel Olasagasti Uranga - 0.27.0-1 - Update to 0.27.0 -...

7.5CVSS7AI score0.03796EPSS
Exploits0References2
OSV
OSV
added 2024/11/08 7:9 p.m.10 views

BIT-ALERTMANAGER-2023-40577 Alertmanager UI is vulnerable to stored XSS via the /api/v1/alerts endpoint

Alertmanager handles alerts sent by client applications such as the Prometheus server. An attacker with the permission to perform POST requests on the /api/v1/alerts endpoint could be able to execute arbitrary JavaScript code on the users of Prometheus Alertmanager. This issue has been fixed in...

7.5CVSS6.6AI score0.00568EPSS
Exploits0References3
Rows per page
Query Builder