- Vulnerability/
- USN-6935-1
31/7/2024
USN-6935-1: Prometheus Alertmanager vulnerability
First published: Wed Jul 31 2024(Updated: )
It was discovered that prometheus-alertmanager didn't properly sanitize input it received through an API endpoint. An attacker with permission to send requests to this endpoint could potentially inject arbitrary code. On Ubuntu 20.04 LTS and Ubuntu 22.04 LTS, this vulnerability is only present if the UI has been explicitly activated.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/golang-github-prometheus-alertmanager-dev | <0.23.0-4ubuntu0.2+esm1 | 0.23.0-4ubuntu0.2+esm1 |
| Ubuntu Ubuntu | =22.04 | |
| All of | ||
| ubuntu/prometheus-alertmanager | <0.23.0-4ubuntu0.2+esm1 | 0.23.0-4ubuntu0.2+esm1 |
| Ubuntu Ubuntu | =22.04 | |
| All of | ||
| ubuntu/golang-github-prometheus-alertmanager-dev | <0.15.3+ds-3ubuntu1.2 | 0.15.3+ds-3ubuntu1.2 |
| Ubuntu Ubuntu | =20.04 | |
| All of | ||
| ubuntu/prometheus-alertmanager | <0.15.3+ds-3ubuntu1.2 | 0.15.3+ds-3ubuntu1.2 |
| Ubuntu Ubuntu | =20.04 | |
| All of | ||
| ubuntu/golang-github-prometheus-alertmanager-dev | <0.6.2+ds-3ubuntu0.1+esm1 | 0.6.2+ds-3ubuntu0.1+esm1 |
| Ubuntu Ubuntu | =18.04 | |
| All of | ||
| ubuntu/prometheus-alertmanager | <0.6.2+ds-3ubuntu0.1+esm1 | 0.6.2+ds-3ubuntu0.1+esm1 |
| Ubuntu Ubuntu | =18.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/title
- agent/references
- agent/severity
- agent/description
- agent/type
- agent/event
- agent/first-publish-date
- agent/tags
- agent/softwarecombine
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/22.04
- version/ubuntu ubuntu/20.04
- version/ubuntu ubuntu/18.04