Vulnerability Report: GO-2022-1175

A malicious actor could remotely read local files by submitting to the Alertmanager Set Configuration API maliciously crafted inputs. Only users of the Alertmanager service where "-experimental.alertmanager.enable-api" or "enable_api: true" is configured are affected.

For detailed information about this vulnerability, visit https://github.com/cortexproject/cortex/security/advisories/GHSA-cq2g-pw6q-hf7j.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL