CVE-2019-3826
published 2019-03-26CVE-2019-3826: A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an…
medium6.1CVSS 3.0
AVNACLPRNUIRSCCLILAN
A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scripts.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | prometheus | < prometheus 2.7.1+ds-1 (bookworm) | prometheus 2.7.1+ds-1 (bookworm) |
| github.com | prometheus_prometheus | >= 0 < 2.7.1 | 2.7.1 |
| prometheus | prometheus | < 2.7.1 | 2.7.1 |
| prometheus | prometheus | >= 0 < 2.7.1+ds-1 | 2.7.1+ds-1 |
| prometheus | prometheus | >= 0 < 2.7.1+ds-1 | 2.7.1+ds-1 |
| prometheus | prometheus | >= 0 < 2.7.1+ds-1 | 2.7.1+ds-1 |
| prometheus | prometheus | >= 0 < 2.7.1+ds-1 | 2.7.1+ds-1 |
| redhat | openshift_container_platform | — | — |
CVSS provenance
nvdv3.06.1MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
osv6.1MEDIUM