DirectorySecurity Advisories
Sign In
Security Advisories

CVE-2023-40577

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2023-40577

CGA ID

CGA-xx32-jqfw-xx2j

Severity

5.4

Medium

CVSS V3

Description

Alertmanager handles alerts sent by client applications such as the Prometheus server. An attacker with the permission to perform POST requests on the /api/v1/alerts endpoint could be able to execute arbitrary JavaScript code on the users of Prometheus Alertmanager. This issue has been fixed in Alertmanager version 0.2.51.

References

  • https://images.chainguard.dev/security/CGA-xx32-jqfw-xx2j

Affected packages


Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images