CVE-2024-41265
- EPSS 0.1%
- Veröffentlicht 01.08.2024 16:15:06
- Zuletzt bearbeitet 02.08.2024 16:35:52
A TLS certificate verification issue discovered in cortex v0.42.1 allows attackers to obtain sensitive information via the makeOperatorRequest function.
CVE-2022-23536
- EPSS 0.4%
- Veröffentlicht 19.12.2022 22:15:10
- Zuletzt bearbeitet 21.11.2024 06:48:45
Cortex provides multi-tenant, long term storage for Prometheus. A local file inclusion vulnerability exists in Cortex versions 1.13.0, 1.13.1 and 1.14.0, where a malicious actor could remotely read local files as a result of parsing maliciously craft...
CVE-2021-36157
- EPSS 0.24%
- Veröffentlicht 03.08.2021 15:15:08
- Zuletzt bearbeitet 21.11.2024 06:13:13
An issue was discovered in Grafana Cortex through 1.9.0. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae ../../sensitive/path/in/deployment pathname, then Cortex...
CVE-2021-31232
- EPSS 0.09%
- Veröffentlicht 30.04.2021 13:15:07
- Zuletzt bearbeitet 21.11.2024 06:05:21
The Alertmanager in CNCF Cortex before 1.8.1 has a local file disclosure vulnerability when -experimental.alertmanager.enable-api is used. The HTTP basic auth password_file can be used as an attack vector to send any file content via a webhook. The a...