Prometheus


By the Year

In 2024 there have been 0 vulnerabilities in Prometheus. Prometheus did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 0 0.00
2022 0 0.00
2021 1 6.10
2020 0 0.00
2019 1 6.10
2018 0 0.00

It may take a day or so for new Prometheus vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Prometheus Security Vulnerabilities

Prometheus is an open-source monitoring system and time series database

CVE-2021-29622 6.1 - Medium - May 19, 2021

Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the new UI. To ensure a seamless transition, URLs prefixed by /new redirect to /. Due to a bug in the code, it is possible for an attacker to craft a URL that can redirect to any other URL, in the /new endpoint. If a user visits a Prometheus server with a specially crafted address, they can be redirected to an arbitrary URL. The issue was patched in the 2.26.1 and 2.27.1 releases. In 2.28.0, the /new endpoint will be removed completely. The workaround is to disable access to /new via a reverse proxy in front of Prometheus.

Open Redirect

A stored, DOM-based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1

CVE-2019-3826 6.1 - Medium - March 26, 2019

A stored, DOM-based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scripts.

XSS
