1502 matches found
Prometheus Blackbox Exporter - Server-Side Request Forgery (SSRF)
Prometheus Blackbox Exporter through 0.17.0 contains a server-side request forgery caused by unsanitized target parameter in /probe, letting attackers perform SSRF attacks, exploit requires sending crafted target parameter. id: CVE-2020-16248 info: name: Prometheus Blackbox Exporter - Server-Side...
Prometheus - Open Redirect
Prometheus 2.23.0 through 2.26.0 and 2.27.0 contains an open redirect vulnerability. To ensure a seamless transition to 2.27.0, the default UI was changed to the new UI with a URL prefixed by /new redirect to /. Due to a bug in the code, an attacker can redirect a user to a malicious site and...
[SECURITY] Fedora 44 Update: prometheus-3.13.0-1.fc44
The Prometheus monitoring system and time series database...
[SECURITY] Fedora 43 Update: prometheus-3.13.0-1.fc43
The Prometheus monitoring system and time series database...
GHSA-XCGV-8MV7-V8C7 vulnerabilities
Vulnerabilities for packages: prometheus-mongodb-exporter, kubernetes-dashboard, helmfile, authentik-fips, vexctl, kube-fluentd-operator, dapr-fips, jaeger-fips, calico-fips, traefik, zarf-fips, kyverno-policy-reporter-plugins-kyverno-fips, melange, cerbos, cloud-sql-proxy, grype-fips,...
GHSA-FF52-PH69-CF7X vulnerabilities
Vulnerabilities for packages: kpt, guac, prometheus-blackbox-exporter, crossplane-provider-aws-memorydb, grafana-agent-operator, cluster-api-gcp-controller, manifest-tool, ko, maru, cert-manager-webhook-pdns, pgpool2exporter, tekton-chains, kube-vip-cloud-provider, percona-server-mongodb-operator...
github.com/prometheus/prometheus: Prometheus: Information disclosure of Azure OAuth client secret via config API
A flaw was found in Prometheus, an open-source monitoring system. The clientsecret field within the Azure Active Directory AD remote write OAuth configuration was incorrectly handled as a plain string instead of a secure Secret type. This misconfiguration allowed any user or process with access t...
github.com/prometheus/prometheus: Prometheus: Denial of Service via uncontrolled memory allocation in remote read endpoint
A flaw was found in Prometheus. An unauthenticated attacker can exploit the remote read endpoint /api/v1/read by sending a specially crafted, small snappy-compressed payload. This payload causes a disproportionately large memory allocation, leading to memory exhaustion and a Denial of Service DoS...
RLSA-2026:34357 Important: opentelemetry-collector security update
Collector with the supported components for a Rocky Enterprise Software Foundation build of OpenTelemetry Security Fixes: github.com/prometheus/prometheus: Prometheus: Denial of Service via uncontrolled memory allocation in remote read endpoint CVE-2026-42154 github.com/prometheus/prometheus:...
opentelemetry-collector security update
An update is available for opentelemetry-collector. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Collector with the supported components for a Rocky Enterpri...
[SECURITY] Fedora 43 Update: prometheus-podman-exporter-1.21.2-1.fc43
Prometheus exporter for podman environments exposing containers, pods, images, volumes and networks information...
[SECURITY] Fedora 44 Update: prometheus-podman-exporter-1.21.2-1.fc44
Prometheus exporter for podman environments exposing containers, pods, images, volumes and networks information...
RLSA-2026:34359 Important: opentelemetry-collector security update
Collector with the supported components for a Rocky Enterprise Software Foundation build of OpenTelemetry Security Fixes: github.com/prometheus/prometheus: Prometheus: Denial of Service via uncontrolled memory allocation in remote read endpoint CVE-2026-42154 github.com/prometheus/prometheus:...
opentelemetry-collector security update
An update is available for opentelemetry-collector. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Collector with the supported components for a Rocky Enterpris...
github.com/prometheus/prometheus: Prometheus: Denial of Service via uncontrolled memory allocation in remote read endpoint
A flaw was found in Prometheus. An unauthenticated attacker can exploit the remote read endpoint /api/v1/read by sending a specially crafted, small snappy-compressed payload. This payload causes a disproportionately large memory allocation, leading to memory exhaustion and a Denial of Service DoS...
github.com/prometheus/prometheus: Prometheus: Information disclosure of Azure OAuth client secret via config API
A flaw was found in Prometheus, an open-source monitoring system. The clientsecret field within the Azure Active Directory AD remote write OAuth configuration was incorrectly handled as a plain string instead of a secure Secret type. This misconfiguration allowed any user or process with access t...
Important: Red Hat Security Advisory: opentelemetry-collector security update
An update for opentelemetry-collector is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
github.com/prometheus/prometheus: Prometheus: Information disclosure of Azure OAuth client secret via config API
A flaw was found in Prometheus, an open-source monitoring system. The clientsecret field within the Azure Active Directory AD remote write OAuth configuration was incorrectly handled as a plain string instead of a secure Secret type. This misconfiguration allowed any user or process with access t...
github.com/prometheus/prometheus: Prometheus: Denial of Service via uncontrolled memory allocation in remote read endpoint
A flaw was found in Prometheus. An unauthenticated attacker can exploit the remote read endpoint /api/v1/read by sending a specially crafted, small snappy-compressed payload. This payload causes a disproportionately large memory allocation, leading to memory exhaustion and a Denial of Service DoS...
Important: Red Hat Security Advisory: opentelemetry-collector security update
An update for opentelemetry-collector is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...