High severity7.5NVD Advisory· Published Aug 25, 2023· Updated Jun 17, 2026
CVE-2023-40577
CVE-2023-40577
Description
Alertmanager handles alerts sent by client applications such as the Prometheus server. An attacker with the permission to perform POST requests on the /api/v1/alerts endpoint could be able to execute arbitrary JavaScript code on the users of Prometheus Alertmanager. This issue has been fixed in Alertmanager version 0.2.51.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/prometheus/alertmanagerGo | < 0.25.1 | 0.25.1 |
Affected products
68- osv-coords67 versionspkg:apk/chainguard/lokipkg:apk/chainguard/prometheuspkg:apk/chainguard/prometheus-2.38pkg:apk/chainguard/prometheus-2.45pkg:apk/chainguard/prometheus-2.45-bitnami-compatpkg:apk/chainguard/prometheus-admission-webhookpkg:apk/chainguard/prometheus-admission-webhook-compatpkg:apk/chainguard/prometheus-alertmanagerpkg:apk/chainguard/prometheus-config-reloaderpkg:apk/chainguard/prometheus-config-reloader-oci-entrypoint-compatpkg:apk/chainguard/prometheus-operatorpkg:apk/chainguard/promxypkg:apk/chainguard/promxy-fipspkg:apk/chainguard/tempo-2.3pkg:apk/chainguard/tempo-2.3-clipkg:apk/chainguard/tempo-2.3-querypkg:apk/chainguard/tempo-2.3-vulturepkg:apk/chainguard/thanos-0.31pkg:apk/chainguard/thanos-0.32pkg:apk/wolfi/lokipkg:apk/wolfi/prometheuspkg:apk/wolfi/prometheus-2.45pkg:apk/wolfi/prometheus-2.45-bitnami-compatpkg:apk/wolfi/prometheus-admission-webhookpkg:apk/wolfi/prometheus-admission-webhook-compatpkg:apk/wolfi/prometheus-alertmanagerpkg:apk/wolfi/prometheus-config-reloaderpkg:apk/wolfi/prometheus-config-reloader-oci-entrypoint-compatpkg:apk/wolfi/prometheus-operatorpkg:apk/wolfi/promxypkg:apk/wolfi/thanos-0.31pkg:apk/wolfi/thanos-0.32pkg:bitnami/alertmanagerpkg:golang/github.com/prometheus/alertmanagerpkg:rpm/opensuse/golang-github-prometheus-alertmanager&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/golang-github-prometheus-alertmanager&distro=openSUSE%20Tumbleweedpkg:rpm/suse/golang-github-boynux-squid_exporter&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/golang-github-lusitaniae-apache_exporter&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/golang-github-lusitaniae-apache_exporter&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/golang-github-prometheus-alertmanager&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5pkg:rpm/suse/golang-github-prometheus-alertmanager&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/golang-github-prometheus-alertmanager&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/golang-github-prometheus-alertmanager&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/golang-github-prometheus-alertmanager&distro=SUSE%20Manager%20Proxy%20Module%204.3pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/golang-github-prometheus-prometheus&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/golang-github-prometheus-prometheus&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/golang-github-prometheus-promu&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/golang-github-QubitProducts-exporter_exporter&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/grafana&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/grafana&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/kiwi-desc-saltboot&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/mgr-daemon&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/mgr-push&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/prometheus-blackbox_exporter&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/prometheus-postgres_exporter&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/prometheus-postgres_exporter&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/python-hwdata&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/rhnlib&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/spacewalk-client-tools&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/supportutils-plugin-salt&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/supportutils-plugin-susemanager-client&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/system-user-grafana&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/system-user-prometheus&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/uyuni-common-libs&distro=SUSE%20Manager%20Client%20Tools%2012-BETA
< 2.8.4-r5+ 66 more
- (no CPE)range: < 2.8.4-r5
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 2.45.3-r2
- (no CPE)range: < 2.45.3-r2
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0.26.0-r0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0.0.94-r0
- (no CPE)range: < 0
- (no CPE)range: < 2.3.1-r1
- (no CPE)range: < 2.3.1-r1
- (no CPE)range: < 2.3.1-r1
- (no CPE)range: < 2.3.1-r1
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 2.8.4-r5
- (no CPE)range: < 0
- (no CPE)range: < 2.45.3-r2
- (no CPE)range: < 2.45.3-r2
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0.26.0-r0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0.0.94-r0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: >= 0.25.0, < 0.25.1
- (no CPE)range: < 0.25.1
- (no CPE)range: < 0.26.0-150100.4.19.1
- (no CPE)range: < 0.26.0-4.1
- (no CPE)range: < 1.6-4.9.2
- (no CPE)range: < 1.0.0-1.21.2
- (no CPE)range: < 1.0.0-4.12.4
- (no CPE)range: < 0.26.0-150100.4.19.1
- (no CPE)range: < 0.26.0-1.24.2
- (no CPE)range: < 0.26.0-4.12.4
- (no CPE)range: < 0.26.0-150100.4.19.1
- (no CPE)range: < 0.26.0-150100.4.19.1
- (no CPE)range: < 1.5.0-4.15.4
- (no CPE)range: < 2.45.0-1.50.2
- (no CPE)range: < 2.45.0-4.33.3
- (no CPE)range: < 0.14.0-4.12.2
- (no CPE)range: < 0.4.0-4.6.2
- (no CPE)range: < 9.5.8-1.60.1
- (no CPE)range: < 9.5.8-4.21.2
- (no CPE)range: < 0.1.1687520761.cefb248-4.15.2
- (no CPE)range: < 4.3.8-1.44.2
- (no CPE)range: < 5.0.1-4.21.4
- (no CPE)range: < 0.24.0-3.6.3
- (no CPE)range: < 0.10.1-1.17.2
- (no CPE)range: < 0.10.1-3.6.4
- (no CPE)range: < 2.3.5-15.12.2
- (no CPE)range: < 5.0.1-24.30.3
- (no CPE)range: < 4.3.26-38.136.2
- (no CPE)range: < 5.0.1-41.42.3
- (no CPE)range: < 4.3.18-52.95.2
- (no CPE)range: < 1.2.2-9.9.2
- (no CPE)range: < 5.0.1-9.15.2
- (no CPE)range: < 1.0.0-3.7.2
- (no CPE)range: < 1.0.0-3.7.2
- (no CPE)range: < 5.0.1-3.33.3
- prometheus/alertmanagerv5Range: <= 0.25.0
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-v86x-5fm3-5p7jghsaADVISORY
- github.com/prometheus/alertmanager/security/advisories/GHSA-v86x-5fm3-5p7jnvdVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2023-40577ghsaADVISORY
- lists.debian.org/debian-lts-announce/2023/10/msg00011.htmlnvdMailing ListWEB
News mentions
0No linked articles in our index yet.