Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
prometheus prometheus vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2021-22166
An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method
Gitlab Gitlab
5.3
CVSSv3
CVE-2018-1002104
Versions < 1.5 of the Kubernetes ingress default backend, which handles invalid ingress traffic, exposed prometheus metrics publicly.
Kubernetes Nginx Ingress Controller
7.5
CVSSv3
CVE-2023-6001
Prometheus metrics are available without authentication. These expose detailed and sensitive information about the YugabyteDB Anywhere environment.
Yugabyte Yugabytedb
NA
CVE-2024-34045
The O-RAN E2T I-Release Prometheus metric Increment function can crash in sctpThread.cpp for message.peerInfo->counters[IN_INITI][MSG_COUNTER][ProcedureCode_id_E2setup]->Increment().
NA
CVE-2024-34046
The O-RAN E2T I-Release Prometheus metric Increment function can crash in sctpThread.cpp for message.peerInfo->sctpParams->e2tCounters[IN_SUCC][MSG_COUNTER][ProcedureCode_id_RICsubscription]->Increment().
5
CVSSv3
CVE-2021-22178
An issue has been discovered in GitLab affecting all versions starting from 13.2. Gitlab was vulnerable to SRRF attack through the Prometheus integration.
Gitlab Gitlab
NA
CVE-2024-28867
Swift Prometheus is a Swift client for the Prometheus monitoring system, supporting counters, gauges and histograms. In code which applies _un-sanitized string values into metric names or labels_, an attacker could make use of this and send a `?lang` query parameter containing ne...
6.5
CVSSv3
CVE-2018-18644
An issue exists in GitLab Community and Enterprise Edition 11.x prior to 11.2.7, 11.3.x prior to 11.3.8, and 11.4.x prior to 11.4.3. It allows Information Exposure via a Gitlab Prometheus integration.
Gitlab Gitlab
7.5
CVSSv3
CVE-2023-48796
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler. The information exposed to unauthorized actors may include sensitive data such as database credentials. Users who can't upgrade to the fixed version can also set environment ...
Apache Dolphinscheduler
7.5
CVSSv3
CVE-2023-1733
A denial of service condition exists in the Prometheus server bundled with GitLab affecting all versions from 11.10 to 15.8.5, 15.9 to 15.9.4 and 15.10 to 15.10.1.
Gitlab Gitlab 15.10.0
Gitlab Gitlab
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946
CVE-2024-30309
CVE-2024-4761
CVE-2024-30051
type confusion
memory leak
CVE-2024-30293
reflected XSS
CVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »