2 matches found
GHSA-CQ2G-PW6Q-HF7J Cortex's Alertmanager can expose local files content via specially crafted config
Impact A local file inclusion vulnerability exists in Cortex versions v1.13.0, v1.13.1 and v1.14.0, where a malicious actor could remotely read local files as a result of parsing maliciously crafted Alertmanager configurations when submitted to the Alertmanager Set Configuration API. Only users o...
Information Disclosure
github.com/cortexproject/cortex is vulnerable to information disclosure. The Alertmanager can potentially allow for disclosure of confidential local file content via a malicious configuration...