prometheus-node-exporter vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the prometheus-node-exporter package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
L Information Exposure	<0:3.10.14-1.git.892.af036cb.el7
H Arbitrary Code Injection	<0:3.11.82-1.git.1063.48444e8.el7
H Arbitrary Code Injection	<0:3.11.82-1.git.1063.48444e8.el7
C Authentication Bypass by Primary Weakness	<0:3.10.72-1.git.1060.64daa26.el7
H Improper Authentication	<0:3.9.31-1.git.890.a55de06.el7
H Improper Input Validation	<0:3.9.31-1.git.890.a55de06.el7
H Cross-site Scripting (XSS)	<0:3.11.82-1.git.1063.48444e8.el7
H Improper Input Validation	<0:3.9.31-1.git.890.a55de06.el7
M Information Exposure	<0:3.11.374-1.git.1062.490d6d5.el7
H Information Exposure	<0:3.11.51-1.git.1063.12dd8be.el7
H Session Fixation	<0:3.11.51-1.git.1063.12dd8be.el7
H Resource Exhaustion	<0:3.11.51-1.git.1063.12dd8be.el7
H Information Exposure	<0:3.11.51-1.git.1063.12dd8be.el7
H Static Code Injection	<0:3.11.82-1.git.1063.48444e8.el7
M Link Following	<0:3.11.98-1.git.0.b02f11c.el7
M Link Following	<0:3.10.127-1.git.0.8ebe819.el7
M Link Following	<0:3.9.74-1.git.0.2ab615c.el7
H Static Code Injection	<0:3.11.82-1.git.1063.48444e8.el7
H Improper Authentication	<0:3.11.51-1.git.1063.12dd8be.el7
H Static Code Injection	<0:3.11.82-1.git.1063.48444e8.el7
H Session Fixation	<0:3.11.82-1.git.1063.48444e8.el7
H Session Fixation	<0:3.11.82-1.git.1063.48444e8.el7
H Cross-site Scripting (XSS)	<0:3.11.117-1.git.1.dcee33f.el7
H Static Code Injection	<0:3.11.82-1.git.1063.48444e8.el7
H Improper Authentication	<0:3.11.117-1.git.1.dcee33f.el7
H Improper Input Validation	<0:3.11.51-1.git.1063.12dd8be.el7
M Improper Input Validation	<0:3.9.30-1.git.890.7ea5173.el7
H Cross-site Scripting (XSS)	<0:3.11.51-1.git.1063.12dd8be.el7
H Directory Traversal	<0:3.11.51-1.git.1063.12dd8be.el7
M Privilege Context Switching Error	<0:3.9.30-1.git.890.7ea5173.el7
H Static Code Injection	<0:3.11.82-1.git.1063.48444e8.el7
H Cross-site Scripting (XSS)	<0:3.11.82-1.git.1063.48444e8.el7
H Cross-site Scripting (XSS)	<0:3.11.82-1.git.1063.48444e8.el7
H Cross-site Request Forgery (CSRF)	<0:3.11.82-1.git.1063.48444e8.el7
H API Abuse	<0:3.11.170-1.git.1.51473b7.el7
H Information Exposure	<0:3.11.170-1.git.1.51473b7.el7
H Information Exposure	<0:3.11.170-1.git.1.51473b7.el7
H Covert Timing Channel	<0:3.11.170-1.git.1.51473b7.el7
H Covert Timing Channel	<0:3.11.170-1.git.1.51473b7.el7
H Insufficient Control of Network Message Volume (Network Amplification)	<0:3.11.170-1.git.1.51473b7.el7
H Authentication Bypass by Primary Weakness	<0:3.11.170-1.git.1.51473b7.el7
H Improper Access Control	<0:3.9.101-1.git.1.8295224.el7
H Incomplete Blacklist	<0:3.11.117-1.git.1.dcee33f.el7
H Insufficiently Protected Credentials	<0:3.11.117-1.git.1.dcee33f.el7
M Resource Exhaustion	<0:3.11.219-1.git.1.7fa9674.el7
M Truncation of Security-relevant Information	<0:3.11.248-1.git.1.32f87fc.el7
M Information Exposure	<0:3.11.248-1.git.1.32f87fc.el7
M Buffer Overflow	*
M Resource Exhaustion	*
M Incorrect Authorization	*
M Integer Overflow or Wraparound	*
M Information Exposure	*
H Resource Exhaustion	*
M Improper Input Validation	*
M Out-of-Bounds	*
M Improper Input Validation	*
M Use of Insufficiently Random Values	<0:3.11.374-1.git.1062.490d6d5.el7
H Out-of-bounds Read	<0:3.11.82-1.git.1063.48444e8.el7
H Resource Exhaustion	<0:3.11.82-1.git.1063.48444e8.el7
H Out-of-bounds Read	<0:3.11.82-1.git.1063.48444e8.el7
M Out-of-bounds Read	<0:3.9.60-1.git.1063.df94c95.el7
M Improper Input Validation	*
M Resource Exhaustion	*
M Race Condition	*
M Improper Input Validation	*
M Resource Exhaustion	*
M Improper Input Validation	*
M Improper Input Validation	*
M Arbitrary Code Injection	*
M Incorrect Calculation	*
M Incorrect Calculation	*
M HTTP Response Splitting	<0:3.11.374-1.git.1062.490d6d5.el7
L Race Condition	*
L Race Condition	*
L Loop with Unreachable Exit Condition ('Infinite Loop')	*
L Loop with Unreachable Exit Condition ('Infinite Loop')	*
H Cross-site Scripting (XSS)	<0:3.11.170-1.git.1.51473b7.el7
M HTTP Request Smuggling	*
H Resource Exhaustion	<0:3.9.101-1.git.1.8295224.el7
H Resource Exhaustion	<0:3.11.154-1.git.1.bc9f224.el7
H Resource Exhaustion	<0:3.9.101-1.git.1.8295224.el7
H Resource Exhaustion	<0:3.11.154-1.git.1.bc9f224.el7
M Resource Exhaustion	*
M Loop with Unreachable Exit Condition ('Infinite Loop')	*
M Improper Input Validation	*
L Loop with Unreachable Exit Condition ('Infinite Loop')	*

Vulnerability

Vulnerable Version

Information Exposure

<0:3.10.14-1.git.892.af036cb.el7

Arbitrary Code Injection

<0:3.11.82-1.git.1063.48444e8.el7

Arbitrary Code Injection

<0:3.11.82-1.git.1063.48444e8.el7

Authentication Bypass by Primary Weakness

<0:3.10.72-1.git.1060.64daa26.el7

Improper Authentication

<0:3.9.31-1.git.890.a55de06.el7