Lucene search
K

4 matches found

NVD
NVD
added 2023/03/17 8:15 p.m.29 views

CVE-2023-27591

Miniflux is a feed reader. Prior to version 2.0.43, an unauthenticated user can retrieve Prometheus metrics from a publicly reachable Miniflux instance where the METRICSCOLLECTOR configuration option is enabled and METRICSALLOWEDNETWORKS is set to 127.0.0.1/8 the default. A patch is available in...

7.5CVSS7.6AI score0.00755EPSS
Exploits0References4
CVE
CVE
added 2023/03/17 7:4 p.m.84 views

CVE-2023-27591

CVE-2023-27591 affects Miniflux prior to v2.0.43. An unauthenticated user could retrieve Prometheus metrics from a publicly reachable Miniflux instance when the metrics collector is enabled and METRICS_ALLOWED_NETWORKS is set to 127.0.0.1/8 (default). A patch is available in Miniflux v2.0.43. Wor...

7.5CVSS7.6AI score0.00755EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2023/03/17 7:4 p.m.42 views

CVE-2023-27591 Unauthenticated Miniflux user can bypass allowed networks check to obtain Prometheus metrics

Miniflux is a feed reader. Prior to version 2.0.43, an unauthenticated user can retrieve Prometheus metrics from a publicly reachable Miniflux instance where the METRICSCOLLECTOR configuration option is enabled and METRICSALLOWEDNETWORKS is set to 127.0.0.1/8 the default. A patch is available in...

7.5CVSS7.8AI score0.00755EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/03/17 7:4 p.m.8 views

CVE-2023-27591 Unauthenticated Miniflux user can bypass allowed networks check to obtain Prometheus metrics

Miniflux is a feed reader. Prior to version 2.0.43, an unauthenticated user can retrieve Prometheus metrics from a publicly reachable Miniflux instance where the METRICSCOLLECTOR configuration option is enabled and METRICSALLOWEDNETWORKS is set to 127.0.0.1/8 the default. A patch is available in...

7.5CVSS7.6AI score0.00755EPSS
Exploits0References4
Rows per page
Query Builder