VYPR

apk package

chainguard/prometheus-operator

pkg:apk/chainguard/prometheus-operator

Vulnerabilities (64)

  • CVE-2023-39325Oct 11, 2023
    affected < 0.68.0-r4fixed 0.68.0-r4

    A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attack

  • CVE-2023-40577Aug 25, 2023
    affected < 0fixed 0

    Alertmanager handles alerts sent by client applications such as the Prometheus server. An attacker with the permission to perform POST requests on the /api/v1/alerts endpoint could be able to execute arbitrary JavaScript code on the users of Prometheus Alertmanager. This issue ha

  • CVE-2023-3978Aug 2, 2023
    affected < 0.68.0-r4fixed 0.68.0-r4

    Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.

  • CVE-2019-3826Mar 26, 2019
    affected < 0fixed 0

    A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scri

Page 4 of 4