apk package
chainguard/prometheus-pushgateway-fips-1.4
pkg:apk/chainguard/prometheus-pushgateway-fips-1.4
Vulnerabilities (62)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-3978 | — | < 1.4.3-r2 | 1.4.3-r2 | Aug 2, 2023 | Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack. | ||
| CVE-2022-46146 | — | < 1.4.3-r4 | 1.4.3-r4 | Nov 29, 2022 | Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a Prometheus web.yml file and users' bcrypted passwords, they can bypass security by poisoning the built-in authentication cache. Versions 0.7.2 and 0. |
- CVE-2023-3978Aug 2, 2023affected < 1.4.3-r2fixed 1.4.3-r2
Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.
- CVE-2022-46146Nov 29, 2022affected < 1.4.3-r4fixed 1.4.3-r4
Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a Prometheus web.yml file and users' bcrypted passwords, they can bypass security by poisoning the built-in authentication cache. Versions 0.7.2 and 0.
Page 4 of 4