Ubuntu: USN-6935-1 (CVE-2023-40577): Prometheus Alertmanager vulnerability

Severity: 5
CVSS: (AV:N/AC:M/Au:S/C:P/I:P/A:N)
Published: 08/25/2023
Added: 08/01/2024
Modified: 01/28/2025

Description

Alertmanager handles alerts sent by client applications such as the Prometheus server. An attacker with permission to perform POST requests on the /api/v1/alerts endpoint could execute arbitrary JavaScript code against users of Prometheus Alertmanager. This issue has been fixed in Alertmanager version 0.2.51.

Solution(s)

ubuntu-pro-upgrade-golang-github-prometheus-alertmanager-dev
ubuntu-pro-upgrade-prometheus-alertmanager