github.com/cortexproject/cortex
Go
4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/cortexproject/cortex
- CVE-2021-31232 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 1.8.1 | 2021-04-30
The Alertmanager in CNCF Cortex before 1.8.1 has a local file disclosure vulnerability when -experimental.alertmanager.enable-api is used. The HTTP basic auth password_file can be used as an attack vector to send any file content via a web…
- CVE-2021-36157 | MEDIUM | CVSS 5.3 | EG 5.3 | 2021-08-03
An issue was discovered in Grafana Cortex through 1.9.0. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as a ../../sensitive/path/in/deployment pathname, …
- CVE-2022-23536 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 1.14.1 | 2022-12-19
Cortex provides multi-tenant, long term storage for Prometheus. A local file inclusion vulnerability exists in Cortex versions 1.13.0, 1.13.1 and 1.14.0, where a malicious actor could remotely read local files as a result of parsing malici…
- CVE-2024-41265 | HIGH | CVSS 7.5 | EG 7.5 | 2024-08-01
A TLS certificate verification issue discovered in cortex v0.42.1 allows attackers to obtain sensitive information via the makeOperatorRequest function.