VYPR
High severity7.5NVD Advisory· Published Mar 17, 2023· Updated Jun 17, 2026

CVE-2023-27591

CVE-2023-27591

Description

Miniflux is a feed reader. Prior to version 2.0.43, an unauthenticated user can retrieve Prometheus metrics from a publicly reachable Miniflux instance where the METRICS_COLLECTOR configuration option is enabled and METRICS_ALLOWED_NETWORKS is set to 127.0.0.1/8 (the default). A patch is available in Miniflux 2.0.43. As a workaround, set METRICS_COLLECTOR to false (default) or run Miniflux behind a trusted reverse-proxy.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
miniflux.app/v2Go
< 2.0.432.0.43
miniflux.appGo
<= 1.0.46

Affected products

3

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.