SUSE-SU-2023:0460-1

Published: 20 Feb 2023
Source: suse-cvrf

Description

Security update for prometheus-ha_cluster_exporter

This update for prometheus-ha_cluster_exporter fixes the following issues:

Updated to version 1.3.1:

  • CVE-2022-46146: Fixed authentication bypass via cache poisoning in prometheus/exporter-toolkit (bsc#1208046, bsc#1208047).

Package list

SUSE Linux Enterprise Module for SAP Applications 15 SP1
prometheus-ha_cluster_exporter-1.3.1+git.1676027782.ad3c0e9-150000.1.24.1

Description

Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a Prometheus web.yml file and users' bcrypted passwords, they can bypass security by poisoning the built-in authentication cache. Versions 0.7.2 and 0.8.2 contain a fix for the issue. There is no workaround, but the attacker must have access to the hashed password to use this functionality.


Affected products
SUSE Linux Enterprise Module for SAP Applications 15 SP1:prometheus-ha_cluster_exporter-1.3.1+git.1676027782.ad3c0e9-150000.1.24.1

References