3 matches found
CVE-2021-36157
Grafana Cortex (through 1.9.0) is affected by CVE-2021-36157: an attacker can craft the X-Scope-OrgID header to trigger directory traversal, which makes Cortex parse a rules file from a local path and reveal parts of its contents in error messages. There is also a note that other Cortex API requests...
CVE-2022-23536
The CVE-2022-23536 issue affects Cortex (multi-tenant storage for Prometheus) where a local file inclusion vulnerability exists in Cortex versions 1.13.0, 1.13.1, and 1.14.0. A malicious actor could remotely read local files by submitting maliciously crafted Alertmanager configurations via the...
CVE-2021-31232
The CVE-2021-31232 issue affects Cortex’s Alertmanager before version 1.8.1. Root cause: when -experimental.alertmanager.enable-api is enabled, the HTTP basic auth password_file can be used as an attack vector to leak any file content via a webhook, and Alertmanager templates can load any text fi...