First published: Tue Mar 26 2019 (Updated: )

## Withdrawn Advisory

This advisory has been withdrawn because the vulnerability does not apply to the Prometheus golang package. This link is maintained to preserve external references.

## Original Description

A stored, DOM-based cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scripts.

Credit: secalert@redhat.com

Affected Software | Affected Version | How to fix |
---|---|---|
Prometheus Prometheus | <2.7.1 | |
Redhat Openshift Container Platform | =3.11 | |
go/github.com/prometheus/prometheus | <2.7.1 | 2.7.1 |