vulnerability
Ubuntu: USN-6935-1 (CVE-2023-40577): Prometheus Alertmanager vulnerability
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
5 | (AV:N/AC:M/Au:S/C:P/I:P/A:N) | Aug 25, 2023 | Aug 1, 2024 | Jan 28, 2025 |
Severity
5
CVSS
(AV:N/AC:M/Au:S/C:P/I:P/A:N)
Published
Aug 25, 2023
Added
Aug 1, 2024
Modified
Jan 28, 2025
Description
Alertmanager handles alerts sent by client applications such as the Prometheus server. An attacker with the permission to perform POST requests on the /api/v1/alerts endpoint could be able to execute arbitrary JavaScript code on the users of Prometheus Alertmanager. This issue has been fixed in Alertmanager version 0.2.51.
Solution(s)
ubuntu-pro-upgrade-golang-github-prometheus-alertmanager-devubuntu-pro-upgrade-prometheus-alertmanager

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.