CVE-2019-3826

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-3826

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-3826.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2019-3826

Related

Published

2019-03-26T18:29:00Z

Modified

2024-10-12T05:14:54.853171Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scripts.

References

Affected packages

Debian:11 / prometheus

Package

Name: prometheus
Purl: pkg:deb/debian/prometheus?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.7.1+ds-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / prometheus

Package

Name: prometheus
Purl: pkg:deb/debian/prometheus?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.7.1+ds-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / prometheus

Package

Name: prometheus
Purl: pkg:deb/debian/prometheus?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.7.1+ds-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/prometheus/prometheus

Affected ranges

Type: GIT
Repo: https://github.com/prometheus/prometheus
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

62e591f9

Affected versions

0.*

0.1.0

0.10.0

0.11.0

0.11.1

0.12.0

0.13.0

0.13.0rc2

0.13.1

0.13.2

0.13.3

0.14.0

0.14.0rc1

0.14.0rc2

0.14.0rc3

0.15.0

0.15.0rc1

0.15.0rc2

0.15.0rc3

0.15.1

0.16.0

0.16.0rc1

0.16.0rc2

0.17.0rc1

0.17.0rc2

0.18.0

0.18.0rc1

0.19.0

0.19.1

0.19.2

0.19.3

0.2.0

0.2.1

0.20.0

0.3.0

0.4.0

0.5.0

0.6.0

0.7.0

0.8.0

0.9.0

0.9.0rc1

0.9.0rc2

0.9.0rc3

0.9.0rc4

0.9.0rc5

Other

checkout

dev

discovery-handle-discoverer-updates

v1.*

v1.0.0

v1.0.0-rc.0

v1.0.1

v1.0.2

v1.1.0

v1.1.1

v1.1.2

v1.1.3

v1.2.0

v1.2.1

v1.2.2

v1.2.3

v1.3.0

v1.3.0-beta.0

v1.3.1

v1.4.0

v1.4.1

v1.5.0

v1.5.1

v1.5.2

v1.5.3

v1.6.0

v1.6.2

v1.7.0

v1.7.1

v1.7.2

v1.8.0

v1.8.1

v2.*

v2.0.0

v2.0.0-alpha.0

v2.0.0-alpha.1

v2.0.0-alpha.2

v2.0.0-alpha.3

v2.0.0-beta.0

v2.0.0-beta.1

v2.0.0-beta.2

v2.0.0-beta.4

v2.0.0-beta.5

v2.0.0-rc.0

v2.0.0-rc.1

v2.0.0-rc.2

v2.0.0-rc.3

v2.1.0

v2.2.0

v2.2.0-rc.0

v2.2.0-rc.1

v2.2.1

v2.3.0

v2.3.1

v2.3.2

v2.4.0

v2.4.0-rc.0

v2.4.1

v2.4.2

v2.4.3

v2.5.0-rc.0

v2.6.0

v2.6.0-rc.0

v2.6.0-rc.1

v2.6.1

v2.7.0

v2.7.0-rc.0

v2.7.0-rc.1

v2.7.0-rc.2

v2.7.1