Alertmanager can expose local files content via specially crafted config
Description
Cortex provides multi-tenant, long term storage for Prometheus. A local file inclusion vulnerability exists in Cortex versions 1.13.0, 1.13.1 and 1.14.0, where a malicious actor could remotely read local files as a result of parsing maliciously crafted Alertmanager configurations when submitted to the Alertmanager Set Configuration API. Only users of the Alertmanager service where -experimental.alertmanager.enable-api or enable_api: true is configured are affected. Affected Cortex users are advised to upgrade to patched versions 1.13.2 or 1.14.1. However, as a workaround, Cortex administrators may reject Alertmanager configurations containing the api_key_file setting in the opsgenie_configs section before sending them to the Set Alertmanager Configuration API.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A local file inclusion vulnerability in Cortex Alertmanager allows remote attackers to read arbitrary files via a crafted Alertmanager configuration with OpsGenie api_key_file.
Cortex is a horizontally scalable, multi-tenant long-term storage for Prometheus. A local file inclusion vulnerability exists in Cortex versions 1.13.0, 1.13.1, and 1.14.0, where the Alertmanager configuration validation does not restrict the api_key_file field in opsgenie_configs. This allows an attacker to specify arbitrary file paths that the Alertmanager will attempt to read, potentially exposing sensitive local files [1][2][4].
To exploit this vulnerability, the attacker must have access to the Set Alertmanager Configuration API, which requires that the -experimental.alertmanager.enable-api flag or enable_api: true is configured. By submitting a malicious Alertmanager configuration containing an api_key_file pointing to a sensitive file (e.g., /etc/shadow), the file contents may be returned in error messages or logged, achieving local file disclosure [1][2].
The impact is that an attacker can read arbitrary files on the Cortex server, including configuration files, secrets, and other sensitive data, potentially leading to further compromise of the system [2].
Mitigation: Users should upgrade to patched versions 1.13.2 or 1.14.1. As a workaround, administrators can reject any Alertmanager configuration that includes the api_key_file setting in the opsgenie_configs section before submitting it to the API [2][4].
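The mitigating check, both as the admin-side gate the workaround describes and as the shape of the upstream fix, is a walk over the parsed configuration that rejects any OpsGenie api_key_file (receiver-level or global) before the config reaches the Set Alertmanager Configuration API. The example below is added here and is not Cortex or Alertmanager code; the config types are hypothetical stripped-down mirrors, and ValidateConfig, fileFields and the "/secrets" sample are constructed for this illustration.

```go
package main

import "errors"
import "reflect"

// Hypothetical, stripped-down mirrors of the Alertmanager config types the fix touches.
type OpsGenieConfig struct {
	APIKey     string `yaml:"api_key"`
	APIKeyFile string `yaml:"api_key_file"`
}
type GlobalConfig struct {
	OpsGenieAPIKeyFile string `yaml:"opsgenie_api_key_file"`
}
type Receiver struct {
	OpsGenieConfigs []*OpsGenieConfig `yaml:"opsgenie_configs"`
}
type Config struct {
	Global    *GlobalConfig `yaml:"global"`
	Receivers []Receiver    `yaml:"receivers"`
}
var errOpsGenieAPIKeyFileNotAllowed = errors.New("setting OpsGenie api_key_file is not allowed")

// fileFields: for each config type, the field that would make Alertmanager open a path on the host.
var fileFields = map[reflect.Type]string{
	reflect.TypeOf(GlobalConfig{}):   "OpsGenieAPIKeyFile",
	reflect.TypeOf(OpsGenieConfig{}): "APIKeyFile",
}

// ValidateConfig walks the config tree by reflection, as the Cortex fix does, so the
// check fires wherever the type appears (global, receivers, nested slices or pointers).
func ValidateConfig(cfg interface{}) error {
	v := reflect.Indirect(reflect.ValueOf(cfg)) // nil pointer -> zero Value, which matches no case
	switch v.Kind() {
	case reflect.Struct:
		if name, ok := fileFields[v.Type()]; ok && v.FieldByName(name).String() != "" {
			return errOpsGenieAPIKeyFileNotAllowed
		}
		for i := 0; i < v.NumField(); i++ { // all fields here are exported, so Interface() is safe
			if err := ValidateConfig(v.Field(i).Interface()); err != nil {
				return err
			}
		}
	case reflect.Slice:
		for i := 0; i < v.Len(); i++ {
			if err := ValidateConfig(v.Index(i).Interface()); err != nil {
				return err
			}
		}
	}
	return nil
}
```

An inline api_key still passes; only the file-backed variants are refused, which is the distinction the workaround relies on.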
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/cortexproject/cortex (Go) | >= 1.14.0, < 1.14.1 | 1.14.1 |
| github.com/cortexproject/cortex (Go) | >= 1.13.0, < 1.13.2 | 1.13.2 |
Affected products
- Range: >= 1.13.0, <= 1.13.1
Patches
03e023d8b012 Fix opsgenie validation (#5045)
3 files changed · +50 −0
CHANGELOG.md+1 −0 modified@@ -1,6 +1,7 @@ # Changelog ## master / unreleased +* [CHANGE] Alertmanager: Local file disclosure vulnerability in OpsGenie configuration has been fixed. #5045 * [ENHANCEMENT] Update Go version to 1.19.3. #4988 * [ENHANCEMENT] Querier: limit series query to only ingesters if `start` param is not specified. #4976 * [ENHANCEMENT] Query-frontend/scheduler: add a new limit `frontend.max-outstanding-requests-per-tenant` for configuring queue size per tenant. Started deprecating two flags `-query-scheduler.max-outstanding-requests-per-tenant` and `-querier.max-outstanding-requests-per-tenant`, and change their value default to 0. Now if both the old flag and new flag are specified, the old flag's queue size will be picked. #5005
pkg/alertmanager/api.go+18 −0 modified@@ -45,6 +45,7 @@ var ( errTLSFileNotAllowed = errors.New("setting TLS ca_file, cert_file and key_file is not allowed") errSlackAPIURLFileNotAllowed = errors.New("setting Slack api_url_file and global slack_api_url_file is not allowed") errVictorOpsAPIKeyFileNotAllowed = errors.New("setting VictorOps api_key_file is not allowed") + errOpsGenieAPIKeyFileNotAllowed = errors.New("setting OpsGenie api_key_file is not allowed") ) // UserConfig is used to communicate a users alertmanager configs @@ -336,6 +337,11 @@ func validateAlertmanagerConfig(cfg interface{}) error { return err } + case reflect.TypeOf(config.OpsGenieConfig{}): + if err := validateOpsGenieConfig(v.Interface().(config.OpsGenieConfig)); err != nil { + return err + } + case reflect.TypeOf(commoncfg.TLSConfig{}): if err := validateReceiverTLSConfig(v.Interface().(commoncfg.TLSConfig)); err != nil { return err @@ -426,12 +432,24 @@ func validateReceiverTLSConfig(cfg commoncfg.TLSConfig) error { // validateGlobalConfig validates the Global config and returns an error if it contains // settings now allowed by Cortex. func validateGlobalConfig(cfg config.GlobalConfig) error { + if cfg.OpsGenieAPIKeyFile != "" { + return errOpsGenieAPIKeyFileNotAllowed + } if cfg.SlackAPIURLFile != "" { return errSlackAPIURLFileNotAllowed } return nil } +// validateOpsGenieConfig validates the OpsGenie config and returns an error if it contains +// settings now allowed by Cortex. +func validateOpsGenieConfig(cfg config.OpsGenieConfig) error { + if cfg.APIKeyFile != "" { + return errOpsGenieAPIKeyFileNotAllowed + } + return nil +} + // validateSlackConfig validates the Slack config and returns an error if it contains // settings now allowed by Cortex. func validateSlackConfig(cfg config.SlackConfig) error {
pkg/alertmanager/api_test.go+31 −0 modified@@ -371,6 +371,23 @@ alertmanager_config: | `, err: errors.Wrap(errOAuth2SecretFileNotAllowed, "error validating Alertmanager config"), }, + { + name: "Should return error if global opsgenie_api_key_file is set", + cfg: ` +alertmanager_config: | + global: + opsgenie_api_key_file: /secrets + + receivers: + - name: default-receiver + webhook_configs: + - url: http://localhost + + route: + receiver: 'default-receiver' +`, + err: errors.Wrap(errOpsGenieAPIKeyFileNotAllowed, "error validating Alertmanager config"), + }, { name: "Should return error if global slack_api_url_file is set", cfg: ` @@ -402,6 +419,20 @@ alertmanager_config: | `, err: errors.Wrap(errSlackAPIURLFileNotAllowed, "error validating Alertmanager config"), }, + { + name: "Should return error if OpsGenie api_key_file is set", + cfg: ` +alertmanager_config: | + receivers: + - name: default-receiver + opsgenie_configs: + - api_key_file: /secrets + + route: + receiver: 'default-receiver' +`, + err: errors.Wrap(errOpsGenieAPIKeyFileNotAllowed, "error validating Alertmanager config"), + }, { name: "Should return error if VictorOps api_key_file is set", cfg: `
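Review bot: In the CHANGELOG hunk, the new entry cites only #5045; since this is a security fix that is also shipped in the 1.13.2 and 1.14.1 patch releases, the entry should also name the advisory (GHSA-cq2g-pw6q-hf7j) so operators scanning the changelog can map it to the vulnerability they are tracking.

Review bot: In the api.go hunk for validateGlobalConfig and validateOpsGenieConfig, the new doc comment "returns an error if it contains settings now allowed by Cortex" repeats the existing typo and inverts the meaning; it should read "settings not allowed by Cortex" (the existing validateGlobalConfig and validateSlackConfig comments carry the same error and could be fixed in the same change).

Review bot: In the api_test.go hunks, both new cases assert only the error path (global opsgenie_api_key_file and receiver-level api_key_file set to /secrets); add a companion passing case with an inline api_key under opsgenie_configs so the new validateOpsGenieConfig branch is shown not to reject legitimate OpsGenie receivers.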
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- github.com/advisories/GHSA-cq2g-pw6q-hf7j (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2022-23536 (ghsa, ADVISORY)
- cortexmetrics.io/docs/api/ (ghsa, x_refsource_MISC, WEB)
- github.com/cortexproject/cortex/commit/03e023d8b012887b31cc268d0d011b01e1e65506 (ghsa, WEB)
- github.com/cortexproject/cortex/releases/tag/v1.13.2 (ghsa, x_refsource_MISC, WEB)
- github.com/cortexproject/cortex/releases/tag/v1.14.1 (ghsa, x_refsource_MISC, WEB)
- github.com/cortexproject/cortex/security/advisories/GHSA-cq2g-pw6q-hf7j (ghsa, x_refsource_CONFIRM, WEB)
- pkg.go.dev/vuln/GO-2022-1175 (ghsa, WEB)