Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
linuxfoundation cortex vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2022-23536
Cortex provides multi-tenant, long term storage for Prometheus. A local file inclusion vulnerability exists in Cortex versions 1.13.0, 1.13.1 and 1.14.0, where a malicious actor could remotely read local files as a result of parsing maliciously crafted Alertmanager configurations...
Linuxfoundation Cortex 1.13.0
Linuxfoundation Cortex 1.13.1
Linuxfoundation Cortex 1.14.0
5.3
CVSSv3
CVE-2021-36157
An issue exists in Grafana Cortex up to and including 1.9.0. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae ../../sensitive/path/in/deployment pathname, then Cortex will attempt to parse a r...
Linuxfoundation Cortex
5.5
CVSSv3
CVE-2021-31232
The Alertmanager in CNCF Cortex prior to 1.8.1 has a local file disclosure vulnerability when -experimental.alertmanager.enable-api is used. The HTTP basic auth password_file can be used as an attack vector to send any file content via a webhook. The alertmanager templates can be...
Linuxfoundation Cortex
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started