10 matches found
TencentOS Server 4: alertmanager (TSSA-2024:0822)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0822 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
Linux Distros Unpatched Vulnerability : CVE-2023-40577
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Alertmanager handles alerts sent by client applications such as the Prometheus server. An attacker with the permission to perform POST requests on the...
openSUSE Security Advisory (SUSE-SU-2024:0512-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES15 / openSUSE 15 Security Update : golang-github-prometheus-alertmanager (SUSE-SU-2024:0512-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:0512-1 advisory. golang-github-prometheus-alertmanager was updated from version 0.23.0 to 0.26.0 jscPED-7353: - Version 0.26.0: Security fixes: -...
SUSE-SU-2024:0512-1 Security update for golang-github-prometheus-alertmanager
This update for golang-github-prometheus-alertmanager fixes the following issues: golang-github-prometheus-alertmanager was updated from version 0.23.0 to 0.26.0 jscPED-7353: - Version 0.26.0: Security fixes: + CVE-2023-40577: Fix stored XSS via the /api/v1/alerts endpoint in the Alertmanager UI...
Debian dla-3609 : golang-github-prometheus-alertmanager-dev - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3609 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3609-1 [email protected] https://www.debian.org/lts/security/...
CVE-2023-40577
Prometheus Alertmanager is vulnerable to cross-site scripting due to improper validation of user-supplied input by the /api/v1/alerts endpoint. This issue could allow a remote attacker to inject malicious script into a web page, which would be executed in a victim's web browser within the hosting...
CVE-2023-40577 vulnerabilities
Vulnerabilities for packages: promxy, prometheus-alertmanager...
CVE-2023-40577
Alertmanager handles alerts sent by client applications such as the Prometheus server. An attacker with the permission to perform POST requests on the /api/v1/alerts endpoint could be able to execute arbitrary JavaScript code on the users of Prometheus Alertmanager. This issue has been fixed in...
CVE-2023-40577
CVE-2023-40577 affects Prometheus Prometheus Alertmanager. The issue allows an attacker with POST permission on the /api/v1/alerts endpoint to cause arbitrary JavaScript execution in users of Alertmanager (stored XSS). The vulnerability is tied to the Alertmanager component handling incoming aler...