7 matches found
EUVD-2021-1352
Malware in sbrugna...
Improper input validation in CNCF Cortex
The Alertmanager in CNCF Cortex before 1.8.1 has a local file disclosure vulnerability when -experimental.alertmanager.enable-api is used. The HTTP basic auth passwordfile can be used as an attack vector to send any file content via a webhook. The alertmanager templates can be used as an attack...
GHSA-M45G-F45X-VV22 Improper input validation in CNCF Cortex
The Alertmanager in CNCF Cortex before 1.8.1 has a local file disclosure vulnerability when -experimental.alertmanager.enable-api is used. The HTTP basic auth passwordfile can be used as an attack vector to send any file content via a webhook. The alertmanager templates can be used as an attack...
CVE-2021-31232
The Alertmanager in CNCF Cortex before 1.8.1 has a local file disclosure vulnerability when -experimental.alertmanager.enable-api is used. The HTTP basic auth passwordfile can be used as an attack vector to send any file content via a webhook. The alertmanager templates can be used as an attack...
CVE-2021-31232
The Alertmanager in CNCF Cortex before 1.8.1 has a local file disclosure vulnerability when -experimental.alertmanager.enable-api is used. The HTTP basic auth passwordfile can be used as an attack vector to send any file content via a webhook. The alertmanager templates can be used as an attack...
CVE-2021-31232
The Alertmanager in CNCF Cortex before 1.8.1 has a local file disclosure vulnerability when -experimental.alertmanager.enable-api is used. The HTTP basic auth passwordfile can be used as an attack vector to send any file content via a webhook. The alertmanager templates can be used as an attack...
CVE-2021-31232
The CVE-2021-31232 issue affects Cortex’s Alertmanager before version 1.8.1. Root cause: when -experimental.alertmanager.enable-api is enabled, the HTTP basic auth password_file can be used as an attack vector to leak any file content via a webhook, and Alertmanager templates can load any text fi...