Vulnerabilities > Prometheus

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendors | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2023-08-25 | CVE-2023-40577 | Cross-site Scripting vulnerability in multiple products | Alertmanager handles alerts sent by client applications such as the Prometheus server. | network | low complexity | prometheus, debian | CWE-79 | 5.4 |
| 2023-04-26 | CVE-2023-26735 | Server-Side Request Forgery (SSRF) vulnerability in Prometheus Blackbox Exporter 0.23.0 | blackbox_exporter v0.23.0 was discovered to contain an access control issue in its probe interface. | network | low complexity | prometheus | CWE-918 | 7.5 |
| 2022-11-29 | CVE-2022-46146 | Incorrect Implementation of Authentication Algorithm vulnerability in Prometheus Exporter Toolkit | Prometheus Exporter Toolkit is a utility package to build exporters. | network | low complexity | prometheus | CWE-303 | 8.8 |
| 2022-02-15 | CVE-2022-21698 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products | client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. | network | low complexity | prometheus, fedoraproject, rdo-project | CWE-770 | 7.5 |
| 2021-05-19 | CVE-2021-29622 | Open Redirect vulnerability in Prometheus | Prometheus is an open-source monitoring system and time series database. | | | | | 5.8 |
| 2020-08-09 | CVE-2020-16248 | Server-Side Request Forgery (SSRF) vulnerability in Prometheus Blackbox Exporter | Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF. | network | low complexity | prometheus | CWE-918 | 5.8 |
| 2019-03-26 | CVE-2019-3826 | Cross-site Scripting vulnerability in multiple products | A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. | network | low complexity | prometheus, redhat | CWE-79 | 6.1 |