Skip to main content

Cortex

5 CVEs product

Monthly

CVE-2023-39069 CRITICAL Act Now

An issue in StrangeBee TheHive v.5.0.8, v.4.1.21 and Cortex v.3.1.6 allows a remote attacker to gain privileges via Active Directory authentication mechanism. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cortex Thehive
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-23536 Go MEDIUM PATCH This Month

Cortex provides multi-tenant, long term storage for Prometheus. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cortex
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-36157 Go MEDIUM PATCH This Month

An issue was discovered in Grafana Cortex through 1.9.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Grafana Path Traversal Information Disclosure Cortex
NVD GitHub
CVSS 3.1
5.3
EPSS
1.4%
CVE-2021-31232 Go MEDIUM PATCH This Month

The Alertmanager in CNCF Cortex before 1.8.1 has a local file disclosure vulnerability when -experimental.alertmanager.enable-api is used. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Cortex
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2018-20226 HIGH PATCH This Week

An organization administrator can add a super administrator in THEHIVE PROJECT Cortex before 2.1.3 due to the lack of overriding the Role.toString method. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Cortex
NVD GitHub
CVSS 3.0
7.2
EPSS
1.7%
EPSS 1% CVSS 9.8
CRITICAL Act Now

An issue in StrangeBee TheHive v.5.0.8, v.4.1.21 and Cortex v.3.1.6 allows a remote attacker to gain privileges via Active Directory authentication mechanism. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cortex Thehive
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Cortex provides multi-tenant, long term storage for Prometheus. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cortex
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

An issue was discovered in Grafana Cortex through 1.9.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Grafana Path Traversal Information Disclosure +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The Alertmanager in CNCF Cortex before 1.8.1 has a local file disclosure vulnerability when -experimental.alertmanager.enable-api is used. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Cortex
NVD GitHub
EPSS 2% CVSS 7.2
HIGH PATCH This Week

An organization administrator can add a super administrator in THEHIVE PROJECT Cortex before 2.1.3 due to the lack of overriding the Role.toString method. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Cortex
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy