prometheus prometheus vulnerabilities and exploits
6.1
CVSSv3
CVE-2021-29622
Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the new UI. To ensure a seamless transition, the URLs prefixed by /new redirect to /. Due to a bug in the code, it is possible for a malicious user to c...
Prometheus Prometheus
Prometheus Prometheus 2.27.0
NA
CVE-2002-1211
Prometheus 6.0 and previous versions allows remote malicious users to execute arbitrary PHP code via a modified PROMETHEUS_LIBRARY_BASE that points to code stored on a remote server, which is then used in (1) index.php, (2) install.php, or (3) various test_*.php scripts.
Jason Orcutt Prometheus 3.0 Beta
Jason Orcutt Prometheus 4.0 Beta
Jason Orcutt Prometheus 6.0
1 EDB exploit
6.1
CVSSv3
CVE-2019-3826
A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scri...
Prometheus Prometheus
Redhat Openshift Container Platform 3.11
5.8
CVSSv3
CVE-2020-16248
Prometheus Blackbox Exporter up to and including 0.17.0 allows /probe?target= SSRF. NOTE: follow-on discussion suggests that this might plausibly be interpreted as both intended functionality and also a vulnerability
Prometheus Blackbox Exporter
8.8
CVSSv3
CVE-2022-46146
Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a Prometheus web.yml file and users' bcrypted passwords, they can bypass security by poisoning the built-in authentication cache. Versions 0.7.2 a...
Prometheus Exporter Toolkit
7.5
CVSSv3
CVE-2023-26735
blackbox_exporter v0.23.0 contains an access control issue in its probe interface. This vulnerability allows malicious users to detect intranet ports and services, as well as download resources. NOTE: this is disputed by third parties because authentication can be config...
Prometheus Blackbox Exporter 0.23.0
5.4
CVSSv3
CVE-2023-40577
Alertmanager handles alerts sent by client applications such as the Prometheus server. An attacker with the permission to perform POST requests on the /api/v1/alerts endpoint could be able to execute arbitrary JavaScript code on the users of Prometheus Alertmanager. This issue ha...
Prometheus Alertmanager 0.25.0
Debian Debian Linux 10.0
7.5
CVSSv3
CVE-2022-21698
client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounde...
Prometheus Client Golang
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Extra Packages For Enterprise Linux 8.0
Fedoraproject Extra Packages For Enterprise Linux 7.0
Rdo Project Rdo -
Fedoraproject Fedora 37
6.1
CVSSv3
CVE-2019-10215
Bootstrap-3-Typeahead after version 4.0.2 is vulnerable to a cross-site scripting flaw in the highlighter() function. An attacker could exploit this via user interaction to execute code in the user's browser.
Bootstrap-3-typeahead Project Bootstrap-3-typeahead
7.5
CVSSv3
CVE-2017-18640
The Alias feature in SnakeYAML prior to 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564.
Snakeyaml Project Snakeyaml
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Quarkus Quarkus
Oracle Peoplesoft Enterprise Pt Peopletools 8.56
Oracle Peoplesoft Enterprise Pt Peopletools 8.57
Oracle Peoplesoft Enterprise Pt Peopletools 8.58
3 Github repositories