Browse all 7 CVE security advisories affecting prometheus. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Prometheus is an open-source monitoring and alerting toolkit primarily used for time-series metrics collection and analysis in cloud-native environments. Historically, it has been vulnerable to classes including remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation and insecure default configurations. Notable security characteristics include its reliance on HTTP-based scraping mechanisms, which can expose attack surfaces. Major incidents include CVE-2021-23017, allowing RCE through API endpoints, and CVE-2022-41717, enabling XSS via the web console. Despite these vulnerabilities, its widespread adoption in DevOps and cloud infrastructure necessitates careful configuration and regular patching to mitigate risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-40577 | Alertmanager UI is vulnerable to stored XSS via the /api/v1/alerts endpoint — alertmanagerCWE-79 | 7.5 | High | 2023-08-25 |
This page lists every published CVE security advisory associated with prometheus. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.