Description
The Alertmanager in CNCF Cortex before 1.8.1 has a local file disclosure vulnerability when -experimental.alertmanager.enable-api is used. The HTTP basic auth password_file setting can be used as an attack vector to send the content of any file via a webhook. The Alertmanager templates can also be used as an attack vector to send any file content, because the Alertmanager can load any text file specified in the templates list.
References (4)
Core References
Third Party Advisory x_refsource_misc
https://community.grafana.com/c/security-announcements
Third Party Advisory x_refsource_misc
https://github.com/cortexproject/cortex
Patch, Third Party Advisory x_refsource_misc
https://github.com/cortexproject/cortex/pull/4129/files
Release Notes, Vendor Advisory x_refsource_misc
https://lists.cncf.io/g/cortex-users/message/50
Scores
CVSS v3
5.5
EPSS
0.0009
EPSS Percentile
25.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
Status
published
Products (2)
cortexproject/cortex
0 - 1.8.1 (Go)
linuxfoundation/cortex
< 1.8.1
Published
Apr 30, 2021
Tracked Since
Feb 18, 2026