VDB
DEBIAN-CVE-2023-40577
DEBIAN-CVE-2023-40577
PUBLISHED
CVSS 5.400000095367432 MEDIUM
Alertmanager handles alerts sent by client applications such as the Prometheus server. An attacker with the permission to perform POST requests on the /api/v1/alerts endpoint could be able to execute arbitrary JavaScript code on the users of Prometheus Alertmanager. This issue has been fixed in Alertmanager version 0.2.51.
Risk Scores
CVSS 3.1
5.400000095367432
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | prometheus-alertmanager | *, 0.31.1+ds-1, * |
| Debian:14 | prometheus-alertmanager | 0, 0, 0 |
| Debian:11 | prometheus-alertmanager | 0.28.1+ds, 0.29.0+ds, 0.30.1+ds |
| Debian:13 | prometheus-alertmanager | 0, 0, 0 |
Timeline
- Aug 25, 2023 CVE Published
- Apr 28, 2026 CVE Updated