Vulmon
prometheus prometheus vulnerabilities and exploits
6.5
CVSSv3
CVE-2018-18644
An issue exists in GitLab Community and Enterprise Edition 11.x prior to 11.2.7, 11.3.x prior to 11.3.8, and 11.4.x prior to 11.4.3. It allows Information Exposure via a GitLab Prometheus integration.
Gitlab Gitlab
6.1
CVSSv3
CVE-2021-29622
Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the New UI. To ensure a seamless transition, the URLs prefixed by /new redirect to /. Due to a bug in the code, it is possible for a malicious user to c...
Prometheus Prometheus
Prometheus Prometheus 2.27.0
6.1
CVSSv3
CVE-2019-10215
Bootstrap-3-Typeahead after version 4.0.2 is vulnerable to a cross-site scripting flaw in the highlighter() function. An attacker could exploit this via user interaction to execute code in the user's browser.
Bootstrap-3-typeahead Project Bootstrap-3-typeahead
6.1
CVSSv3
CVE-2019-3826
A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scri...
Prometheus Prometheus
Redhat Openshift Container Platform 3.11
5.8
CVSSv3
CVE-2020-16248
Prometheus Blackbox Exporter up to and including 0.17.0 allows /probe?target= SSRF. NOTE: follow-on discussion suggests that this might plausibly be interpreted as both intended functionality and also a vulnerability
Prometheus Blackbox Exporter
5.4
CVSSv3
CVE-2023-40577
Alertmanager handles alerts sent by client applications such as the Prometheus server. An attacker with the permission to perform POST requests on the /api/v1/alerts endpoint could be able to execute arbitrary JavaScript code on the users of Prometheus Alertmanager. This issue ha...
Prometheus Alertmanager 0.25.0
Debian Debian Linux 10.0
5.4
CVSSv3
CVE-2021-32718
RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's name being rendered in a confirmation message without proper `<script>` tag sanitization, potentially allowing f...
Vmware Rabbitmq
5.3
CVSSv3
CVE-2018-1002104
Versions < 1.5 of the Kubernetes ingress default backend, which handles invalid ingress traffic, exposed prometheus metrics publicly.
Kubernetes Nginx Ingress Controller
5
CVSSv3
CVE-2021-22178
An issue has been discovered in GitLab affecting all versions starting from 13.2. GitLab was vulnerable to an SSRF attack through the Prometheus integration.
Gitlab Gitlab
4.3
CVSSv3
CVE-2022-4289
An issue has been discovered in GitLab affecting all versions starting from 15.3 prior to 15.7.8, versions of 15.8 prior to 15.8.4, and version 15.9 prior to 15.9.2. Google IAP details in Prometheus integration were not hidden, could be leaked from instance, group, or project set...
Gitlab Gitlab