40 matches found
CVE-2025-41118 vulnerabilities
Vulnerabilities for packages: grafana-pyroscope...
GHSA-M9HQ-H476-H2G8 vulnerabilities
Vulnerabilities for packages: grafana-pyroscope...
CVE-2025-41118 vulnerabilities
Vulnerabilities for packages: grafana-pyroscope...
GHSA-M9HQ-H476-H2G8 vulnerabilities
Vulnerabilities for packages: grafana-pyroscope...
BIT-GRAFANA-PYROSCOPE-2025-41118 Sensitive COS `SecretKey` exposed in plaintext via configuration API due to missing type protection
Pyroscope is an open-source continuous profiling database. The database supports various storage backends, including Tencent Cloud Object Storage COS. If the database is configured to use Tencent COS as the storage backend, an attacker could extract the secretkey configuration value from the...
CVE-2025-41118
A flaw was found in Pyroscope. When Tencent Cloud Object Storage COS is configured as the storage backend, an attacker with access to the Pyroscope API can extract the secretkey value in plaintext. This issue leads to sensitive information disclosure. Mitigation To mitigate this vulnerability,...
GHSA-M9HQ-H476-H2G8 Pyroscope Exposes Storage Secret
Pyroscope is an open-source continuous profiling database. The database supports various storage backends, including Tencent Cloud Object Storage COS. If the database is configured to use Tencent COS as the storage backend, an attacker could extract the secretkey configuration value from the...
Pyroscope Exposes Storage Secret
Pyroscope is an open-source continuous profiling database. The database supports various storage backends, including Tencent Cloud Object Storage COS. If the database is configured to use Tencent COS as the storage backend, an attacker could extract the secretkey configuration value from the...
EUVD-2025-209489
Pyroscope is an open-source continuous profiling database. The database supports various storage backends, including Tencent Cloud Object Storage COS. If the database is configured to use Tencent COS as the storage backend, an attacker could extract the secretkey configuration value from the...
Exposure of Private Personal Information to an Unauthorized Actor
Overview Affected versions of this package are vulnerable to Exposure of Private Personal Information to an Unauthorized Actor via the configuration API when type protection is missing for sensitive fields. An attacker can obtain confidential credentials by sending requests directly to the API...
CVE-2025-41118
Pyroscope is an open-source continuous profiling database. The database supports various storage backends, including Tencent Cloud Object Storage COS. If the database is configured to use Tencent COS as the storage backend, an attacker could extract the secretkey configuration value from the...
CVE-2025-41118
Pyroscope is an open-source continuous profiling database. The database supports various storage backends, including Tencent Cloud Object Storage COS. If the database is configured to use Tencent COS as the storage backend, an attacker could extract the secretkey configuration value from the...
CVE-2025-41118 Sensitive COS `SecretKey` exposed in plaintext via configuration API due to missing type protection
Pyroscope is an open-source continuous profiling database. The database supports various storage backends, including Tencent Cloud Object Storage COS. If the database is configured to use Tencent COS as the storage backend, an attacker could extract the secretkey configuration value from the...
Pyroscope 安全漏洞
Pyroscope is an open-source continuous performance analysis platform developed by Grafana. Vulnerabilities exist in versions prior to Pyroscope 1.15.2, 1.16.1, and 1.17.0. These vulnerabilities stem from improper configuration, potentially allowing attackers to extract the secretkey configuration...
GHSA-78H2-9FRX-2JM8 vulnerabilities
Vulnerabilities for packages: omni-fips, boring-registry, bento-fips, azcopy, harbor-fips, grype-db, gitlab-workhorse-ce, tkn-fips, fulcio, velero, gitlab-runner, chainloop-control-plane, cert-manager, gotrue, envconsul-fips, gitlab-kas, scorecard, sftpgo, traefik-fips, oauth2-proxy,...
CVE-2026-25679 vulnerabilities
Vulnerabilities for packages: azure-ipam, grafana-pyroscope, migrate, snyk-cli, kaf, secrets-store-csi-driver-provider-azure, prometheus-blackbox-exporter, terraform-provider-google, q, whereabouts, nri-cassandra, kube-rbac-proxy, azurefile-csi, smokescreen, nri-jmx, spark-operator, tempo,...
GHSA-J3GX-2473-5FP8 vulnerabilities
Vulnerabilities for packages: azure-ipam, grafana-pyroscope, migrate, snyk-cli, kaf, secrets-store-csi-driver-provider-azure, prometheus-blackbox-exporter, terraform-provider-google, q, whereabouts, nri-cassandra, kube-rbac-proxy, azurefile-csi, smokescreen, nri-jmx, spark-operator, tempo,...
CVE-2026-27142 vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-rds, prometheus-pushgateway, grafana-pyroscope, yunikorn-k8shim, dkron, flux-helm-controller, docker-cli, migrate, snyk-cli, step-issuer, gatekeeper, kaf, tofu-controller, x509-certificate-exporter, ingress-nginx-controller,...
GHSA-RV83-G57W-FR8J vulnerabilities
Vulnerabilities for packages: azure-ipam, grafana-pyroscope, migrate, snyk-cli, kaf, secrets-store-csi-driver-provider-azure, prometheus-blackbox-exporter, terraform-provider-google, q, whereabouts, kube-rbac-proxy, azurefile-csi, smokescreen, nri-jmx, spark-operator, tempo,...
GHSA-J4J7-VW47-RHFQ vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-rds, prometheus-pushgateway, grafana-pyroscope, yunikorn-k8shim, dkron, flux-helm-controller, docker-cli, migrate, snyk-cli, step-issuer, gatekeeper, kaf, tofu-controller, x509-certificate-exporter, ingress-nginx-controller,...