Vulmon
prometheus prometheus vulnerabilities and exploits
6.5
CVSSv3
CVE-2018-19495
An issue exists in GitLab Community and Enterprise Edition prior to 11.3.11, 11.4.x prior to 11.4.8, and 11.5.x prior to 11.5.1. There is an SSRF vulnerability in the Prometheus integration.
Gitlab Gitlab
7.5
CVSSv3
CVE-2018-14602
An issue exists in GitLab Community and Enterprise Edition prior to 10.8.7, 11.0.x prior to 11.0.5, and 11.1.x prior to 11.1.2. Information Disclosure can occur because the Prometheus metrics feature discloses private project pathnames.
Gitlab Gitlab
7.5
CVSSv3
CVE-2022-3613
An issue has been discovered in GitLab CE/EE affecting all versions prior to 15.5.7, all versions starting from 15.6 prior to 15.6.4, all versions starting from 15.7 prior to 15.7.2. A crafted Prometheus Server query can cause high resource consumption and may lead to Denial of S...
Gitlab Gitlab
7.5
CVSSv3
CVE-2022-39337
Hertzbeat is an open source, real-time monitoring system with custom-monitoring, high performance cluster, prometheus-like and agentless. Hertzbeat versions 1.20 and prior have a permission bypass vulnerability. System authentication can be bypassed and invoke interfaces without ...
Dromara Hertzbeat
4.3
CVSSv3
CVE-2022-4289
An issue has been discovered in GitLab affecting all versions starting from 15.3 prior to 15.7.8, versions of 15.8 prior to 15.8.4, and version 15.9 prior to 15.9.2. Google IAP details in Prometheus integration were not hidden, could be leaked from instance, group, or project set...
Gitlab Gitlab
7.8
CVSSv3
CVE-2023-38994
The 'check_univention_joinstatus' prometheus monitoring script (and other scripts) in UCS 5.0-5 revealed the LDAP plaintext password of the machine account in the process list allowing attackers with local ssh access to gain higher privileges and perform followup attack...
Univention Univention Corporate Server 5.0
7.5
CVSSv3
CVE-2023-27591
Miniflux is a feed reader. Prior to version 2.0.43, an unauthenticated user can retrieve Prometheus metrics from a publicly reachable Miniflux instance where the `METRICS_COLLECTOR` configuration option is enabled and `METRICS_ALLOWED_NETWORKS` is set to `127.0.0.1/8` (the defaul...
Miniflux Project Miniflux
9.1
CVSSv3
CVE-2022-24797
Pomerium is an identity-aware access proxy. In distributed service mode, Pomerium's Authenticate service exposes pprof debug and prometheus metrics handlers to untrusted traffic. This can leak potentially sensitive environmental information or lead to limited denial of servi...
Pomerium Pomerium
7.5
CVSSv3
CVE-2021-41090
Grafana Agent is a telemetry collector for sending metrics, logs, and trace data to the opinionated Grafana observability stack. Prior to versions 0.20.1 and 0.21.2, inline secrets defined within a metrics instance config are exposed in plaintext over two endpoints: metrics insta...
Grafana Agent
5.4
CVSSv3
CVE-2021-32718
RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's name being rendered in a confirmation message without proper `<script>` tag sanitization, potentially allowing f...
Vmware Rabbitmq