Vulnerability Description
The Alertmanager in CNCF Cortex before 1.8.1 has a local file disclosure vulnerability when -experimental.alertmanager.enable-api is used. The HTTP basic auth password_file can be used as an attack vector to send any file content via a webhook. The alertmanager templates can be used as an attack vector to send any file content because the alertmanager can load any text file specified in the templates list.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linuxfoundation | Cortex | < 1.8.1 |
References
- https://community.grafana.com/c/security-announcementsThird Party Advisory
- https://github.com/cortexproject/cortexThird Party Advisory
- https://github.com/cortexproject/cortex/pull/4129/filesPatchThird Party Advisory
- https://lists.cncf.io/g/cortex-users/message/50Release NotesVendor Advisory
- https://community.grafana.com/c/security-announcementsThird Party Advisory
- https://github.com/cortexproject/cortexThird Party Advisory
- https://github.com/cortexproject/cortex/pull/4129/filesPatchThird Party Advisory
- https://lists.cncf.io/g/cortex-users/message/50Release NotesVendor Advisory
FAQ
What is CVE-2021-31232?
CVE-2021-31232 is a vulnerability with a CVSS score of 5.5 (MEDIUM). The Alertmanager in CNCF Cortex before 1.8.1 has a local file disclosure vulnerability when -experimental.alertmanager.enable-api is used. The HTTP basic auth password_file can be used as an attack ve...
How severe is CVE-2021-31232?
CVE-2021-31232 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-31232?
Check the references section above for vendor advisories and patch information. Affected products include: Linuxfoundation Cortex.