1. CVE-Search
  2. CVE-2023-27591
ID CVE-2023-27591
Summary Miniflux is a feed reader. Prior to version 2.0.43, an unauthenticated user can retrieve Prometheus metrics from a publicly reachable Miniflux instance where the `METRICS_COLLECTOR` configuration option is enabled and `METRICS_ALLOWED_NETWORKS` is set to `127.0.0.1/8` (the default). A patch is available in Miniflux 2.0.43. As a workaround, set `METRICS_COLLECTOR` to `false` (default) or run Miniflux behind a trusted reverse-proxy.
References
Vulnerable Configurations
  • cpe:2.3:a:miniflux_project:miniflux:-:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:-:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:1.0.0:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:1.0.0:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:1.0.1:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:1.0.1:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:1.0.2:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:1.0.2:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:1.0.3:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:1.0.3:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:1.0.4:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:1.0.4:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:1.0.5:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:1.0.5:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:1.0.7:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:1.0.7:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:1.0.8:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:1.0.8:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:1.0.9:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:1.0.9:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:1.0.10:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:1.0.10:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:1.0.11:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:1.0.11:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:1.1.0:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:1.1.0:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:1.1.1:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:1.1.1:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:1.1.2:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:1.1.2:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:1.1.3:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:1.1.3:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:1.1.4:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:1.1.4:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:1.1.5:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:1.1.5:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:1.1.6:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:1.1.6:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:1.1.7:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:1.1.7:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:1.1.8:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:1.1.8:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:1.1.9:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:1.1.9:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:1.1.10:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:1.1.10:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:1.2.0:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:1.2.0:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:1.2.1:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:1.2.1:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:1.2.2:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:1.2.2:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:1.2.3:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:1.2.3:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:1.2.4:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:1.2.4:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:2.0.0:-:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:2.0.0:-:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:2.0.0:rc1:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:2.0.0:rc1:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:2.0.1:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:2.0.1:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:2.0.2:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:2.0.2:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:2.0.3:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:2.0.3:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:2.0.4:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:2.0.4:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:2.0.5:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:2.0.5:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:2.0.6:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:2.0.6:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:2.0.7:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:2.0.7:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:2.0.8:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:2.0.8:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:2.0.9:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:2.0.9:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:2.0.10:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:2.0.10:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:2.0.11:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:2.0.11:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:2.0.12:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:2.0.12:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:2.0.13:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:2.0.13:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:2.0.14:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:2.0.14:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:2.0.15:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:2.0.15:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:2.0.16:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:2.0.16:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:2.0.17:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:2.0.17:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:2.0.18:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:2.0.18:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:2.0.19:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:2.0.19:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:2.0.20:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:2.0.20:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:2.0.21:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:2.0.21:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:2.0.22:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:2.0.22:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:2.0.23:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:2.0.23:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:2.0.24:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:2.0.24:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:2.0.25:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:2.0.25:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:2.0.26:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:2.0.26:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:2.0.27:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:2.0.27:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:2.0.28:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:2.0.28:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:2.0.29:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:2.0.29:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:2.0.30:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:2.0.30:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:2.0.31:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:2.0.31:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:2.0.32:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:2.0.32:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:2.0.33:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:2.0.33:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:2.0.34:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:2.0.34:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:2.0.35:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:2.0.35:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:2.0.36:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:2.0.36:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:2.0.37:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:2.0.37:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:2.0.38:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:2.0.38:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:2.0.39:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:2.0.39:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:2.0.40:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:2.0.40:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:2.0.41:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:2.0.41:*:*:*:*:go:*:*
  • cpe:2.3:a:miniflux_project:miniflux:2.0.42:*:*:*:*:go:*:*
    cpe:2.3:a:miniflux_project:miniflux:2.0.42:*:*:*:*:go:*:*
CVSS
Base: None
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
Impact
ConfidentialityIntegrityAvailability
Last major update 24-03-2023 - 14:50
Published 17-03-2023 - 20:15
Last modified 24-03-2023 - 14:50
Back to Top