ALT Linux Team

Package prometheus-podman-exporter update in sisyphus on 2025-10-06

ALT-PU-2025-12679-2

Package prometheus-podman-exporter updated to version 1.19.0-alt1 for branch sisyphus in task 396534.

Closed vulnerabilities

Published: 2025-09-18

BDU:2025-11595

Уязвимость языка программирования Go, связанная с неправильной проверкой входных данных, позволяющая нарушителю повысить свои привилегии

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Severity: MEDIUM (6.4) Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
References:
Published: 2025-08-12

BDU:2025-11599

Уязвимость языка программирования Go, связанная с неправильной проверкой входных данных, позволяющая нарушителю обойти существующие ограничения безопасности

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
References:
Published: 2025-09-18
Modified: 2025-09-19

CVE-2025-47906

If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath ("", ".", and ".."), can result in the binaries listed in the PATH being unexpectedly returned.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
References:
Published: 2025-09-22
Modified: 2025-09-24

CVE-2025-47910

When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections.

Severity: MEDIUM (5.4) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top