CVE-2022-23536 – Alertmanager can expose local files content via specially crafted config
https://notcve.org/view.php?id=CVE-2022-23536
Cortex provides multi-tenant, long term storage for Prometheus. A local file inclusion vulnerability exists in Cortex versions 1.13.0, 1.13.1 and 1.14.0, where a malicious actor could remotely read local files as a result of parsing maliciously crafted Alertmanager configurations when submitted to the Alertmanager Set Configuration API. Only users of the Alertmanager service where `-experimental.alertmanager.enable-api` or `enable_api: true` is configured are affected. Affected Cortex users are advised to upgrade to patched versions 1.13.2 or 1.14.1. However as a workaround, Cortex administrators may reject Alertmanager configurations containing the `api_key_file` setting in the `opsgenie_configs` section before sending to the Set Alertmanager Configuration API.
• https://cortexmetrics.io/docs/api/#set-alertmanager-configuration
• https://github.com/cortexproject/cortex/releases/tag/v1.13.2
• https://github.com/cortexproject/cortex/releases/tag/v1.14.1
• https://github.com/cortexproject/cortex/security/advisories/GHSA-cq2g-pw6q-hf7j
• CWE-73: External Control of File Name or Path
• CWE-184: Incomplete List of Disallowed Inputs
• CWE-641: Improper Restriction of Names for Files and Other Resources
CVE-2021-36157 – cortex: Grafana Cortex directory traversal
https://notcve.org/view.php?id=CVE-2021-36157
An issue was discovered in Grafana Cortex through 1.9.0. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as a `../../sensitive/path/in/deployment` pathname, then Cortex will attempt to parse a rules file at that location and include some of the contents in the error message. (Other Cortex API requests can also be sent a malicious OrgID header, e.g., tricking the ingester into writing metrics to a different location, but the effect is nuisance rather than information disclosure.)
• https://github.com/cortexproject/cortex/pull/4375
• https://grafana.com/docs/grafana/latest/release-notes
• https://access.redhat.com/security/cve/CVE-2021-36157
• https://bugzilla.redhat.com/show_bug.cgi?id=2183169
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-31232
https://notcve.org/view.php?id=CVE-2021-31232
The Alertmanager in CNCF Cortex before 1.8.1 has a local file disclosure vulnerability when `-experimental.alertmanager.enable-api` is used. The HTTP basic auth `password_file` can be used as an attack vector to send any file content via a webhook. The alertmanager templates can be used as an attack vector to send any file content because the alertmanager can load any text file specified in the templates list.
• https://community.grafana.com/c/security-announcements
• https://github.com/cortexproject/cortex
• https://github.com/cortexproject/cortex/pull/4129/files
• https://lists.cncf.io/g/cortex-users/message/50