suse-su-2024:0512-1
Vulnerability from csaf_suse
Published
2024-02-15 13:43
Modified
2024-02-15 13:43
Summary
Security update for golang-github-prometheus-alertmanager
Notes
Title of the patch
Security update for golang-github-prometheus-alertmanager
Description of the patch
This update for golang-github-prometheus-alertmanager fixes the following issues:
golang-github-prometheus-alertmanager was updated from version 0.23.0 to 0.26.0 (jsc#PED-7353):
- Version 0.26.0:
* Security fixes:
+ CVE-2023-40577: Fix stored XSS via the /api/v1/alerts endpoint in the Alertmanager UI (bsc#1218838)
* Other changes and bugs fixed:
+ Configuration: Fix empty list of receivers and inhibit_rules would cause the alertmanager to crash
+ Templating: Fixed a race condition when using the title function. It is now race-safe
+ API: Fixed duplicate receiver names in the api/v2/receivers API endpoint
+ API: Attempting to delete a silence now returns the correct status code, 404 instead of 500
+ Clustering: Fixes a panic when tls_client_config is empty
+ Webhook: url is now marked as a secret. It will no longer show up in the logs as clear-text
+ Metrics: New label reason for alertmanager_notifications_failed_total metric to indicate the type of error of the
alert delivery
+ Clustering: New flag --cluster.label, to help to block any traffic that is not meant for the cluster
+ Integrations: Add Microsoft Teams as a supported integration
- Version 0.25.0:
* Fail configuration loading if api_key and api_key_file are defined at the same time
* Fix the alertmanager_alerts metric to avoid counting resolved alerts as active. Also added a new
alertmanager_marked_alerts metric that retain the old behavior
* Trim contents of Slack API URLs when reading from files
* amtool: Avoid panic when the label value matcher is empty
* Fail configuration loading if api_url is empty for OpsGenie
* Fix email template for resolved notifications
* Add proxy_url support for OAuth2 in HTTP client configuration
* Reload TLS certificate and key from disk when updated
* Add Discord integration
* Add Webex integration
* Add min_version support to select the minimum TLS version in HTTP client configuration
* Add max_version support to select the maximum TLS version in HTTP client configuration
* Emit warning logs when truncating messages in notifications
* Support HEAD method for the /-/healty and /-/ready endpoints
* Add support for reading global and local SMTP passwords from files
* UI: Add 'Link' button to alerts in list
* UI: Allow to choose the first day of the week as Sunday or Monday
- Version 0.24.0:
* Fix HTTP client configuration for the SNS receiver
* Fix unclosed file descriptor after reading the silences snapshot file
* Fix field names for mute_time_intervals in JSON marshaling
* Ensure that the root route doesn't have any matchers
* Truncate the message's title to 1024 chars to avoid hitting Slack limits
* Fix the default HTML email template (email.default.html) to match with the canonical source
* Detect SNS FIFO topic based on the rendered value
* Avoid deleting and recreating a silence when an update is possible
* api/v2: Return 200 OK when deleting an expired silence
* amtool: Fix the silence's end date when adding a silence. The end date is (start date + duration) while it used to
be (current time + duration). The new behavior is consistent with the update operation
* Add the /api/v2 prefix to all endpoints in the OpenAPI specification and generated client code
* Add --cluster.tls-config experimental flag to secure cluster traffic via mutual TLS
* Add Telegram integration
Patchnames
SUSE-2024-512,SUSE-SLE-Manager-Tools-15-2024-512,SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-512,SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2024-512,openSUSE-SLE-15.5-2024-512
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for golang-github-prometheus-alertmanager",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for golang-github-prometheus-alertmanager fixes the following issues:\n \ngolang-github-prometheus-alertmanager was updated from version 0.23.0 to 0.26.0 (jsc#PED-7353):\n\n- Version 0.26.0:\n * Security fixes:\n + CVE-2023-40577: Fix stored XSS via the /api/v1/alerts endpoint in the Alertmanager UI (bsc#1218838)\n * Other changes and bugs fixed:\n + Configuration: Fix empty list of receivers and inhibit_rules would cause the alertmanager to crash\n + Templating: Fixed a race condition when using the title function. It is now race-safe\n + API: Fixed duplicate receiver names in the api/v2/receivers API endpoint\n + API: Attempting to delete a silence now returns the correct status code, 404 instead of 500\n + Clustering: Fixes a panic when tls_client_config is empty\n + Webhook: url is now marked as a secret. It will no longer show up in the logs as clear-text\n + Metrics: New label reason for alertmanager_notifications_failed_total metric to indicate the type of error of the\n alert delivery\n + Clustering: New flag --cluster.label, to help to block any traffic that is not meant for the cluster\n + Integrations: Add Microsoft Teams as a supported integration\n- Version 0.25.0:\n * Fail configuration loading if api_key and api_key_file are defined at the same time\n * Fix the alertmanager_alerts metric to avoid counting resolved alerts as active. Also added a new\n alertmanager_marked_alerts metric that retain the old behavior\n * Trim contents of Slack API URLs when reading from files\n * amtool: Avoid panic when the label value matcher is empty\n * Fail configuration loading if api_url is empty for OpsGenie\n * Fix email template for resolved notifications\n * Add proxy_url support for OAuth2 in HTTP client configuration\n * Reload TLS certificate and key from disk when updated\n * Add Discord integration\n * Add Webex integration\n * Add min_version support to select the minimum TLS version in HTTP client configuration\n * Add max_version support to select the maximum TLS version in HTTP client configuration\n * Emit warning logs when truncating messages in notifications\n * Support HEAD method for the /-/healty and /-/ready endpoints\n * Add support for reading global and local SMTP passwords from files\n * UI: Add \u0027Link\u0027 button to alerts in list\n * UI: Allow to choose the first day of the week as Sunday or Monday\n- Version 0.24.0:\n * Fix HTTP client configuration for the SNS receiver\n * Fix unclosed file descriptor after reading the silences snapshot file\n * Fix field names for mute_time_intervals in JSON marshaling\n * Ensure that the root route doesn\u0027t have any matchers\n * Truncate the message\u0027s title to 1024 chars to avoid hitting Slack limits\n * Fix the default HTML email template (email.default.html) to match with the canonical source\n * Detect SNS FIFO topic based on the rendered value\n * Avoid deleting and recreating a silence when an update is possible\n * api/v2: Return 200 OK when deleting an expired silence\n * amtool: Fix the silence\u0027s end date when adding a silence. The end date is (start date + duration) while it used to\n be (current time + duration). The new behavior is consistent with the update operation\n * Add the /api/v2 prefix to all endpoints in the OpenAPI specification and generated client code\n * Add --cluster.tls-config experimental flag to secure cluster traffic via mutual TLS\n * Add Telegram integration\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-512,SUSE-SLE-Manager-Tools-15-2024-512,SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-512,SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2024-512,openSUSE-SLE-15.5-2024-512",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_0512-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:0512-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20240512-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:0512-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-February/017925.html"
},
{
"category": "self",
"summary": "SUSE Bug 1218838",
"url": "https://bugzilla.suse.com/1218838"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-40577 page",
"url": "https://www.suse.com/security/cve/CVE-2023-40577/"
}
],
"title": "Security update for golang-github-prometheus-alertmanager",
"tracking": {
"current_release_date": "2024-02-15T13:43:08Z",
"generator": {
"date": "2024-02-15T13:43:08Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:0512-1",
"initial_release_date": "2024-02-15T13:43:08Z",
"revision_history": [
{
"date": "2024-02-15T13:43:08Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.aarch64",
"product": {
"name": "golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.aarch64",
"product_id": "golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.ppc64le",
"product": {
"name": "golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.ppc64le",
"product_id": "golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.s390x",
"product": {
"name": "golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.s390x",
"product_id": "golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.x86_64",
"product": {
"name": "golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.x86_64",
"product_id": "golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Manager Client Tools 15",
"product": {
"name": "SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15"
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Proxy Module 4.3",
"product": {
"name": "SUSE Manager Proxy Module 4.3",
"product_id": "SUSE Manager Proxy Module 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-suse-manager-proxy:4.3"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.aarch64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.aarch64"
},
"product_reference": "golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.aarch64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.ppc64le as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.ppc64le"
},
"product_reference": "golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.s390x as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.s390x"
},
"product_reference": "golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.s390x",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.x86_64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.x86_64"
},
"product_reference": "golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.x86_64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.aarch64"
},
"product_reference": "golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.ppc64le"
},
"product_reference": "golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.s390x"
},
"product_reference": "golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.x86_64"
},
"product_reference": "golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.aarch64 as component of SUSE Manager Proxy Module 4.3",
"product_id": "SUSE Manager Proxy Module 4.3:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.aarch64"
},
"product_reference": "golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.aarch64",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.ppc64le as component of SUSE Manager Proxy Module 4.3",
"product_id": "SUSE Manager Proxy Module 4.3:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.ppc64le"
},
"product_reference": "golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.s390x as component of SUSE Manager Proxy Module 4.3",
"product_id": "SUSE Manager Proxy Module 4.3:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.s390x"
},
"product_reference": "golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.s390x",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.x86_64 as component of SUSE Manager Proxy Module 4.3",
"product_id": "SUSE Manager Proxy Module 4.3:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.x86_64"
},
"product_reference": "golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.aarch64"
},
"product_reference": "golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.ppc64le"
},
"product_reference": "golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.s390x"
},
"product_reference": "golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.x86_64"
},
"product_reference": "golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-40577",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-40577"
}
],
"notes": [
{
"category": "general",
"text": "Alertmanager handles alerts sent by client applications such as the Prometheus server. An attacker with the permission to perform POST requests on the /api/v1/alerts endpoint could be able to execute arbitrary JavaScript code on the users of Prometheus Alertmanager. This issue has been fixed in Alertmanager version 0.2.51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.x86_64",
"SUSE Manager Proxy Module 4.3:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.aarch64",
"SUSE Manager Proxy Module 4.3:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.ppc64le",
"SUSE Manager Proxy Module 4.3:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.s390x",
"SUSE Manager Proxy Module 4.3:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.x86_64",
"openSUSE Leap 15.5:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.aarch64",
"openSUSE Leap 15.5:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.ppc64le",
"openSUSE Leap 15.5:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.s390x",
"openSUSE Leap 15.5:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-40577",
"url": "https://www.suse.com/security/cve/CVE-2023-40577"
},
{
"category": "external",
"summary": "SUSE Bug 1218838 for CVE-2023-40577",
"url": "https://bugzilla.suse.com/1218838"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.x86_64",
"SUSE Manager Proxy Module 4.3:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.aarch64",
"SUSE Manager Proxy Module 4.3:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.ppc64le",
"SUSE Manager Proxy Module 4.3:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.s390x",
"SUSE Manager Proxy Module 4.3:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.x86_64",
"openSUSE Leap 15.5:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.aarch64",
"openSUSE Leap 15.5:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.ppc64le",
"openSUSE Leap 15.5:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.s390x",
"openSUSE Leap 15.5:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.x86_64",
"SUSE Manager Proxy Module 4.3:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.aarch64",
"SUSE Manager Proxy Module 4.3:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.ppc64le",
"SUSE Manager Proxy Module 4.3:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.s390x",
"SUSE Manager Proxy Module 4.3:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.x86_64",
"openSUSE Leap 15.5:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.aarch64",
"openSUSE Leap 15.5:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.ppc64le",
"openSUSE Leap 15.5:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.s390x",
"openSUSE Leap 15.5:golang-github-prometheus-alertmanager-0.26.0-150100.4.19.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-02-15T13:43:08Z",
"details": "important"
}
],
"title": "CVE-2023-40577"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…