On 29 May 08:53, Brian Brazil wrote:
> On Fri, 29 May 2020 at 04:39, veena thimmegowda <[email protected]> wrote:
>
> > Hi,
> >
> > In the burp scan analysis report we found *Cross-site scripting
> > (reflected)* vulnerability for the Alertmanager and Prometheus server.
> > Please provide the solution to solve/remove this vulnerability.
> >
>
> Neither Prometheus nor the Alertmanager can return 401s, nor is state a URL
> parameter we use. This sounds like an issue with a reverse proxy you have
> in front of them.
>
> Brian

Thank you Veena,

I would also like to point you to our Security Model page:
https://prometheus.io/docs/operating/security/

In this doc, we ask for security issues to be reported to the maintainers
listed in the MAINTAINERS of the relevant repository and CC
[email protected]. Should you have other reports like this, it would be
better to have them handled this way so we can work with you on a timely
fix & disclosure.

Thanks!

> >
> > Please find the attached files for more information.
> >
> > Regards,
> > Veena
> >
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Prometheus Users" group.
> > To unsubscribe from this group and stop receiving emails from it, send an
> > email to [email protected].
> > To view this discussion on the web visit
> > https://groups.google.com/d/msgid/prometheus-users/68a949dd-bc8a-4814-8206-773ba1c0320a%40googlegroups.com
> > <https://groups.google.com/d/msgid/prometheus-users/68a949dd-bc8a-4814-8206-773ba1c0320a%40googlegroups.com?utm_medium=email&utm_source=footer>
> > .
> >
>
> --
> Brian Brazil
> www.robustperception.io

--
Julien Pivotto
@roidelapluie

