VDB
GHSA-4v48-4q5m-8vx4
GHSA-4v48-4q5m-8vx4
PUBLISHED
CVSS 7.199999809265137 HIGH
Prometheus vulnerable to basic authentication bypass
Risk Scores
CVSS 3.1
7.199999809265137
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | prometheus/prometheus/v2 | 2.38.0, 2.24.1 |
| github.com | prometheus/prometheus | 2.24.1, 2.38.0, 2.38.0 |
| github.com | prometheus/prometheus | |
| github.com | prometheus/prometheus | 2.24.1, 2.38.0 |
| Go | github.com/prometheus/prometheus/v2 | 2.38.0, 2.24.1 |
| Go | github.com/prometheus/prometheus | 2.24.1, 2.38.0 |
| github.com | prometheus/prometheus/v2 | 2.24.1, 2.24.1, 2.38.0 |
Timeline
- Dec 5, 2022 CVE Published
- Apr 15, 2026 CVE Updated
References
- https://github.com/prometheus/prometheus/security/advisories/GHSA-4v48-4q5m-8vx4 url
- https://github.com/prometheus/prometheus/commit/31a2db3ae9c0f4b486b6895973beabc1d1beac93 url
- https://github.com/prometheus/prometheus/releases/tag/v2.37.4 url
- https://github.com/prometheus/prometheus/releases/tag/v2.40.4 url
- github.com/prometheus/prometheus package
- GitHub Advisory GHSA-4v48-4q5m-8vx4 vendor-advisory