prometheus prometheus vulnerabilities and exploits
4
CVSSv2
CVE-2018-19495
An issue exists in GitLab Community and Enterprise Edition prior to 11.3.11, 11.4.x prior to 11.4.8, and 11.5.x prior to 11.5.1. There is an SSRF vulnerability in the Prometheus integration.
Gitlab Gitlab
5
CVSSv2
CVE-2018-14602
An issue exists in GitLab Community and Enterprise Edition prior to 10.8.7, 11.0.x prior to 11.0.5, and 11.1.x prior to 11.1.2. Information Disclosure can occur because the Prometheus metrics feature discloses private project pathnames.
Gitlab Gitlab
NA
CVE-2022-3613
An issue has been discovered in GitLab CE/EE affecting all versions prior to 15.5.7, all versions starting from 15.6 prior to 15.6.4, all versions starting from 15.7 prior to 15.7.2. A crafted Prometheus Server query can cause high resource consumption and may lead to Denial of S...
Gitlab Gitlab
NA
CVE-2022-4289
An issue has been discovered in GitLab affecting all versions starting from 15.3 prior to 15.7.8, versions of 15.8 prior to 15.8.4, and version 15.9 prior to 15.9.2. Google IAP details in Prometheus integration were not hidden, could be leaked from instance, group, or project set...
Gitlab Gitlab
NA
CVE-2022-39337
Hertzbeat is an open source, real-time monitoring system with custom-monitoring, high performance cluster, prometheus-like and agentless. Hertzbeat versions 1.20 and prior have a permission bypass vulnerability. System authentication can be bypassed and invoke interfaces without ...
Dromara Hertzbeat
NA
CVE-2023-38994
The 'check_univention_joinstatus' prometheus monitoring script (and other scripts) in UCS 5.0-5 revealed the LDAP plaintext password of the machine account in the process list allowing attackers with local ssh access to gain higher privileges and perform followup attack...
Univention Univention Corporate Server 5.0
NA
CVE-2023-27591
Miniflux is a feed reader. Prior to version 2.0.43, an unauthenticated user can retrieve Prometheus metrics from a publicly reachable Miniflux instance where the `METRICS_COLLECTOR` configuration option is enabled and `METRICS_ALLOWED_NETWORKS` is set to `127.0.0.1/8` (the defaul...
Miniflux Project Miniflux
6.4
CVSSv2
CVE-2022-24797
Pomerium is an identity-aware access proxy. In distributed service mode, Pomerium's Authenticate service exposes pprof debug and prometheus metrics handlers to untrusted traffic. This can leak potentially sensitive environmental information or lead to limited denial of servi...
Pomerium Pomerium
4.3
CVSSv2
CVE-2021-41090
Grafana Agent is a telemetry collector for sending metrics, logs, and trace data to the opinionated Grafana observability stack. Prior to versions 0.20.1 and 0.21.2, inline secrets defined within a metrics instance config are exposed in plaintext over two endpoints: metrics insta...
Grafana Agent
3.5
CVSSv2
CVE-2021-32718
RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's name being rendered in a confirmation message without proper `<script>` tag sanitization, potentially allowing f...
Vmware Rabbitmq