Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Alertmanager in CNCF Cortex before 1.8.1 has a local file disclosure vulnerability when -experimental.alertmanager.enable-api is used. The HTTP basic auth password_file can be used as an attack vector to send any file content via a webhook. The alertmanager templates can be used as an attack vector to send any file content because the alertmanager can load any text file specified in the templates list.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
cortex 输入验证错误漏洞
Vulnerability Description
cortex是一个应用软件。提供了水平可扩展,高可用性,多租户的长期存储。 Cortex 存在输入验证错误漏洞,本地攻击者可以未经授权访问系统上的敏感信息,该漏洞使本地攻击者可以访问潜在的敏感信息,以下产品及版本受到影响:Cortex: 0.1.0, 0.1.0 rc.0, 0.2.0, 0.2.0 rc.0, 0.3.0, 0.3.0 rc.0, 0.4.0, 0.4.0 rc.0, 0.5.0 rc.0, 0.5.0 rc1, 0.6.0, 0.6.0 rc.0, 0.6.1, 0.7.0, 0.7.
CVSS Information
N/A
Vulnerability Type
N/A