Vulnerabilites related to linuxfoundation - cortex
Vulnerability from fkie_nvd
Published
2022-12-19 22:15
Modified
2024-11-21 06:48
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Cortex provides multi-tenant, long term storage for Prometheus. A local file inclusion vulnerability exists in Cortex versions 1.13.0, 1.13.1 and 1.14.0, where a malicious actor could remotely read local files as a result of parsing maliciously crafted Alertmanager configurations when submitted to the Alertmanager Set Configuration API. Only users of the Alertmanager service where `-experimental.alertmanager.enable-api` or `enable_api: true` is configured are affected. Affected Cortex users are advised to upgrade to patched versions 1.13.2 or 1.14.1. However as a workaround, Cortex administrators may reject Alertmanager configurations containing the `api_key_file` setting in the `opsgenie_configs` section before sending to the Set Alertmanager Configuration API.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | cortex | 1.13.0 | |
| linuxfoundation | cortex | 1.13.1 | |
| linuxfoundation | cortex | 1.14.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:cortex:1.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "99530D49-4F18-4E0C-81B3-543FFB1A9916",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cortex:1.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "244198BF-FD25-44A5-814D-5E7C7B583D11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:cortex:1.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4F2FE6BB-9BF1-4620-ABEA-143828D3B0D4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cortex provides multi-tenant, long term storage for Prometheus. A local file inclusion vulnerability exists in Cortex versions 1.13.0, 1.13.1 and 1.14.0, where a malicious actor could remotely read local files as a result of parsing maliciously crafted Alertmanager configurations when submitted to the Alertmanager Set Configuration API. Only users of the Alertmanager service where `-experimental.alertmanager.enable-api` or `enable_api: true` is configured are affected. Affected Cortex users are advised to upgrade to patched versions 1.13.2 or 1.14.1. However as a workaround, Cortex administrators may reject Alertmanager configurations containing the `api_key_file` setting in the `opsgenie_configs` section before sending to the Set Alertmanager Configuration API.\n"
},
{
"lang": "es",
"value": "Cortex proporciona almacenamiento a largo plazo para m\u00faltiples inquilinos para Prometheus. Existe una vulnerabilidad de inclusi\u00f3n de archivos locales en las versiones 1.13.0, 1.13.1 y 1.14.0 de Cortex, donde un actor malintencionado podr\u00eda leer de forma remota archivos locales como resultado del an\u00e1lisis de configuraciones de Alertmanager dise\u00f1adas con fines malintencionados cuando se env\u00edan a la API de configuraci\u00f3n de Alertmanager. Solo se ven afectados los usuarios del servicio Alertmanager donde est\u00e1 configurado `-experimental.alertmanager.enable-api` o `enable_api: true`. Se recomienda a los usuarios afectados de Cortex que actualicen a las versiones parcheadas 1.13.2 o 1.14.1. Sin embargo, como workaround, los administradores de Cortex pueden rechazar las configuraciones de Alertmanager que contengan la configuraci\u00f3n `api_key_file` en la secci\u00f3n `opsgenie_configs` antes de enviarlas a la API Set Alertmanager Configuration."
}
],
"id": "CVE-2022-23536",
"lastModified": "2024-11-21T06:48:45.863",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-19T22:15:10.803",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cortexmetrics.io/docs/api/#set-alertmanager-configuration"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/cortexproject/cortex/releases/tag/v1.13.2"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/cortexproject/cortex/releases/tag/v1.14.1"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/cortexproject/cortex/security/advisories/GHSA-cq2g-pw6q-hf7j"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cortexmetrics.io/docs/api/#set-alertmanager-configuration"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/cortexproject/cortex/releases/tag/v1.13.2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/cortexproject/cortex/releases/tag/v1.14.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/cortexproject/cortex/security/advisories/GHSA-cq2g-pw6q-hf7j"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-73"
},
{
"lang": "en",
"value": "CWE-184"
},
{
"lang": "en",
"value": "CWE-641"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-04-30 13:15
Modified
2024-11-21 06:05
Severity ?
Summary
The Alertmanager in CNCF Cortex before 1.8.1 has a local file disclosure vulnerability when -experimental.alertmanager.enable-api is used. The HTTP basic auth password_file can be used as an attack vector to send any file content via a webhook. The alertmanager templates can be used as an attack vector to send any file content because the alertmanager can load any text file specified in the templates list.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://community.grafana.com/c/security-announcements | Third Party Advisory | |
| cve@mitre.org | https://github.com/cortexproject/cortex | Third Party Advisory | |
| cve@mitre.org | https://github.com/cortexproject/cortex/pull/4129/files | Patch, Third Party Advisory | |
| cve@mitre.org | https://lists.cncf.io/g/cortex-users/message/50 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://community.grafana.com/c/security-announcements | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/cortexproject/cortex | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/cortexproject/cortex/pull/4129/files | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.cncf.io/g/cortex-users/message/50 | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | cortex | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:cortex:*:*:*:*:*:*:*:*",
"matchCriteriaId": "47A89AC7-C9EF-49FB-89F3-0920864F1471",
"versionEndExcluding": "1.8.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Alertmanager in CNCF Cortex before 1.8.1 has a local file disclosure vulnerability when -experimental.alertmanager.enable-api is used. The HTTP basic auth password_file can be used as an attack vector to send any file content via a webhook. The alertmanager templates can be used as an attack vector to send any file content because the alertmanager can load any text file specified in the templates list."
},
{
"lang": "es",
"value": "Alertmanager en CNCF Cortex versiones anteriores a 1.8.1, presenta una vulnerabilidad de divulgaci\u00f3n de archivos locales cuando es usado -experimental.alertmanager.enable-api.\u0026#xa0;El archivo de contrase\u00f1a de autenticaci\u00f3n b\u00e1sica HTTP se puede usar como un vector de ataque para enviar cualquier contenido de archivo por medio de un webhook.\u0026#xa0;Las plantillas de alertmanager pueden ser usados como vector de ataque para enviar cualquier contenido de archivo porque alertmanager puede cargar cualquier archivo de texto especificado en la lista de plantillas."
}
],
"id": "CVE-2021-31232",
"lastModified": "2024-11-21T06:05:21.030",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-30T13:15:07.577",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://community.grafana.com/c/security-announcements"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/cortexproject/cortex"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/cortexproject/cortex/pull/4129/files"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://lists.cncf.io/g/cortex-users/message/50"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://community.grafana.com/c/security-announcements"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/cortexproject/cortex"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/cortexproject/cortex/pull/4129/files"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://lists.cncf.io/g/cortex-users/message/50"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-03 15:15
Modified
2024-11-21 06:13
Severity ?
Summary
An issue was discovered in Grafana Cortex through 1.9.0. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae ../../sensitive/path/in/deployment pathname, then Cortex will attempt to parse a rules file at that location and include some of the contents in the error message. (Other Cortex API requests can also be sent a malicious OrgID header, e.g., tricking the ingester into writing metrics to a different location, but the effect is nuisance rather than information disclosure.)
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/cortexproject/cortex/pull/4375 | Patch, Third Party Advisory | |
| cve@mitre.org | https://grafana.com/docs/grafana/latest/release-notes/ | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/cortexproject/cortex/pull/4375 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://grafana.com/docs/grafana/latest/release-notes/ | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | cortex | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:cortex:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E141A48F-DD44-491F-BBBB-70B4945A0A0A",
"versionEndIncluding": "1.9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Grafana Cortex through 1.9.0. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae ../../sensitive/path/in/deployment pathname, then Cortex will attempt to parse a rules file at that location and include some of the contents in the error message. (Other Cortex API requests can also be sent a malicious OrgID header, e.g., tricking the ingester into writing metrics to a different location, but the effect is nuisance rather than information disclosure.)"
},
{
"lang": "es",
"value": "Se ha detectado un problema en Grafana Cortex versiones hasta 1.9.0. El valor del encabezado X-Scope-OrgID es usado para dise\u00f1ar rutas de archivos para los archivos de reglas, y si se dise\u00f1a para realizar un salto de directorio tal y como ae ../../sensitive/path/in/deployment pathname, Cortex intentar\u00e1 analizar un archivo de reglas en esa ubicaci\u00f3n e incluir\u00e1 parte del contenido en el mensaje de error. (Otras peticiones de la API de Cortex tambi\u00e9n pueden ser enviados un encabezado OrgID malicioso, por ejemplo, enga\u00f1ando al ingester para que escriba las m\u00e9tricas en una ubicaci\u00f3n diferente, pero el efecto es de molestia m\u00e1s que de revelaci\u00f3n de informaci\u00f3n)"
}
],
"id": "CVE-2021-36157",
"lastModified": "2024-11-21T06:13:13.227",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-03T15:15:08.667",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/cortexproject/cortex/pull/4375"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://grafana.com/docs/grafana/latest/release-notes/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/cortexproject/cortex/pull/4375"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://grafana.com/docs/grafana/latest/release-notes/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-23536 (GCVE-0-2022-23536)
Vulnerability from cvelistv5
Published
2022-12-19 21:10
Modified
2025-04-16 18:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Cortex provides multi-tenant, long term storage for Prometheus. A local file inclusion vulnerability exists in Cortex versions 1.13.0, 1.13.1 and 1.14.0, where a malicious actor could remotely read local files as a result of parsing maliciously crafted Alertmanager configurations when submitted to the Alertmanager Set Configuration API. Only users of the Alertmanager service where `-experimental.alertmanager.enable-api` or `enable_api: true` is configured are affected. Affected Cortex users are advised to upgrade to patched versions 1.13.2 or 1.14.1. However as a workaround, Cortex administrators may reject Alertmanager configurations containing the `api_key_file` setting in the `opsgenie_configs` section before sending to the Set Alertmanager Configuration API.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| cortexproject | cortex |
Version: >= 1.13.0, <= 1.13.1 Version: = 1.14.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:43:46.472Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/cortexproject/cortex/security/advisories/GHSA-cq2g-pw6q-hf7j",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/cortexproject/cortex/security/advisories/GHSA-cq2g-pw6q-hf7j"
},
{
"name": "https://cortexmetrics.io/docs/api/#set-alertmanager-configuration",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cortexmetrics.io/docs/api/#set-alertmanager-configuration"
},
{
"name": "https://github.com/cortexproject/cortex/releases/tag/v1.13.2",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cortexproject/cortex/releases/tag/v1.13.2"
},
{
"name": "https://github.com/cortexproject/cortex/releases/tag/v1.14.1",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cortexproject/cortex/releases/tag/v1.14.1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-23536",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T18:22:58.411747Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T18:23:07.694Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cortex",
"vendor": "cortexproject",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.13.0, \u003c= 1.13.1"
},
{
"status": "affected",
"version": "= 1.14.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cortex provides multi-tenant, long term storage for Prometheus. A local file inclusion vulnerability exists in Cortex versions 1.13.0, 1.13.1 and 1.14.0, where a malicious actor could remotely read local files as a result of parsing maliciously crafted Alertmanager configurations when submitted to the Alertmanager Set Configuration API. Only users of the Alertmanager service where `-experimental.alertmanager.enable-api` or `enable_api: true` is configured are affected. Affected Cortex users are advised to upgrade to patched versions 1.13.2 or 1.14.1. However as a workaround, Cortex administrators may reject Alertmanager configurations containing the `api_key_file` setting in the `opsgenie_configs` section before sending to the Set Alertmanager Configuration API.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73: External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-184",
"description": "CWE-184: Incomplete List of Disallowed Inputs",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-641",
"description": "CWE-641: Improper Restriction of Names for Files and Other Resources",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-19T21:10:21.977Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/cortexproject/cortex/security/advisories/GHSA-cq2g-pw6q-hf7j",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cortexproject/cortex/security/advisories/GHSA-cq2g-pw6q-hf7j"
},
{
"name": "https://cortexmetrics.io/docs/api/#set-alertmanager-configuration",
"tags": [
"x_refsource_MISC"
],
"url": "https://cortexmetrics.io/docs/api/#set-alertmanager-configuration"
},
{
"name": "https://github.com/cortexproject/cortex/releases/tag/v1.13.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cortexproject/cortex/releases/tag/v1.13.2"
},
{
"name": "https://github.com/cortexproject/cortex/releases/tag/v1.14.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cortexproject/cortex/releases/tag/v1.14.1"
}
],
"source": {
"advisory": "GHSA-cq2g-pw6q-hf7j",
"discovery": "UNKNOWN"
},
"title": "Alertmanager can expose local files content via specially crafted config"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-23536",
"datePublished": "2022-12-19T21:10:21.977Z",
"dateReserved": "2022-01-19T21:23:53.793Z",
"dateUpdated": "2025-04-16T18:23:07.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36157 (GCVE-0-2021-36157)
Vulnerability from cvelistv5
Published
2021-08-03 14:03
Modified
2024-08-04 00:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Grafana Cortex through 1.9.0. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae ../../sensitive/path/in/deployment pathname, then Cortex will attempt to parse a rules file at that location and include some of the contents in the error message. (Other Cortex API requests can also be sent a malicious OrgID header, e.g., tricking the ingester into writing metrics to a different location, but the effect is nuisance rather than information disclosure.)
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:47:43.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://grafana.com/docs/grafana/latest/release-notes/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cortexproject/cortex/pull/4375"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Grafana Cortex through 1.9.0. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae ../../sensitive/path/in/deployment pathname, then Cortex will attempt to parse a rules file at that location and include some of the contents in the error message. (Other Cortex API requests can also be sent a malicious OrgID header, e.g., tricking the ingester into writing metrics to a different location, but the effect is nuisance rather than information disclosure.)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-03T14:03:49",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://grafana.com/docs/grafana/latest/release-notes/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cortexproject/cortex/pull/4375"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-36157",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Grafana Cortex through 1.9.0. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae ../../sensitive/path/in/deployment pathname, then Cortex will attempt to parse a rules file at that location and include some of the contents in the error message. (Other Cortex API requests can also be sent a malicious OrgID header, e.g., tricking the ingester into writing metrics to a different location, but the effect is nuisance rather than information disclosure.)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://grafana.com/docs/grafana/latest/release-notes/",
"refsource": "MISC",
"url": "https://grafana.com/docs/grafana/latest/release-notes/"
},
{
"name": "https://github.com/cortexproject/cortex/pull/4375",
"refsource": "MISC",
"url": "https://github.com/cortexproject/cortex/pull/4375"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-36157",
"datePublished": "2021-08-03T14:03:49",
"dateReserved": "2021-07-05T00:00:00",
"dateUpdated": "2024-08-04T00:47:43.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-31232 (GCVE-0-2021-31232)
Vulnerability from cvelistv5
Published
2021-04-30 12:46
Modified
2024-08-03 22:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Alertmanager in CNCF Cortex before 1.8.1 has a local file disclosure vulnerability when -experimental.alertmanager.enable-api is used. The HTTP basic auth password_file can be used as an attack vector to send any file content via a webhook. The alertmanager templates can be used as an attack vector to send any file content because the alertmanager can load any text file specified in the templates list.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:55:53.349Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.grafana.com/c/security-announcements"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cortexproject/cortex"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cortexproject/cortex/pull/4129/files"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.cncf.io/g/cortex-users/message/50"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Alertmanager in CNCF Cortex before 1.8.1 has a local file disclosure vulnerability when -experimental.alertmanager.enable-api is used. The HTTP basic auth password_file can be used as an attack vector to send any file content via a webhook. The alertmanager templates can be used as an attack vector to send any file content because the alertmanager can load any text file specified in the templates list."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-30T13:20:30",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.grafana.com/c/security-announcements"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cortexproject/cortex"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cortexproject/cortex/pull/4129/files"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.cncf.io/g/cortex-users/message/50"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-31232",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Alertmanager in CNCF Cortex before 1.8.1 has a local file disclosure vulnerability when -experimental.alertmanager.enable-api is used. The HTTP basic auth password_file can be used as an attack vector to send any file content via a webhook. The alertmanager templates can be used as an attack vector to send any file content because the alertmanager can load any text file specified in the templates list."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.grafana.com/c/security-announcements",
"refsource": "MISC",
"url": "https://community.grafana.com/c/security-announcements"
},
{
"name": "https://github.com/cortexproject/cortex",
"refsource": "MISC",
"url": "https://github.com/cortexproject/cortex"
},
{
"name": "https://github.com/cortexproject/cortex/pull/4129/files",
"refsource": "MISC",
"url": "https://github.com/cortexproject/cortex/pull/4129/files"
},
{
"name": "https://lists.cncf.io/g/cortex-users/message/50",
"refsource": "MISC",
"url": "https://lists.cncf.io/g/cortex-users/message/50"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-31232",
"datePublished": "2021-04-30T12:46:32",
"dateReserved": "2021-04-15T00:00:00",
"dateUpdated": "2024-08-03T22:55:53.349Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}