Oval Definition:	oval:org.opensuse.security:def:202129622
Revision Date: 2022-06-30 Version: 1 Title: CVE-2021-29622 Description: Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the New ui. To ensure a seamless transition, the URL's prefixed by /new redirect to /. Due to a bug in the code, it is possible for an attacker to craft an URL that can redirect to any other URL, in the /new endpoint. If a user visits a prometheus server with a specially crafted address, they can be redirected to an arbitrary URL. The issue was patched in the 2.26.1 and 2.27.1 releases. In 2.28.0, the /new endpoint will be removed completely. The workaround is to disable access to /new via a reverse proxy in front of Prometheus. Family: unix Class: vulnerability Status: Reference(s): Mitre CVE-2021-29622 SUSE CVE-2021-29622 SUSE-SU-2021:2664-1 SUSE-SU-2021:2673-1 SUSE-SU-2021:2675-1 openSUSE-SU-2021:1162-1 openSUSE-SU-2021:2664-1 openSUSE-SU-2021:2675-1 SUSE-SU-2021:3907-1 SUSE-SU-2021:3908-1 Platform(s): openSUSE Leap 15.2 openSUSE Leap 15.3 openSUSE Tumbleweed SUSE Enterprise Storage 6 Product(s): Definition Synopsis openSUSE Tumbleweed is installed AND golang-github-prometheus-prometheus-2.27.1-4.2 is installed Definition Synopsis openSUSE Leap 15.3 is installed AND Package Information ansible-2.9.21-1.5.1 is installed AND ansible is signed with openSUSE key OR ansible-doc-2.9.21-1.5.1 is installed AND ansible-doc is signed with openSUSE key OR ansible-test-2.9.21-1.5.1 is installed AND ansible-test is signed with openSUSE key OR dracut-saltboot-0.1.1627546504.96a0b3e-1.27.1 is installed AND dracut-saltboot is signed with openSUSE key OR golang-github-prometheus-prometheus-2.27.1-3.8.1 is installed AND golang-github-prometheus-prometheus is signed with openSUSE key OR mgr-cfg-4.2.3-1.18.1 is installed AND mgr-cfg is signed with openSUSE key OR mgr-cfg-actions-4.2.3-1.18.1 is installed AND mgr-cfg-actions is signed with openSUSE key OR mgr-cfg-client-4.2.3-1.18.1 is installed AND mgr-cfg-client is signed with openSUSE key OR mgr-cfg-management-4.2.3-1.18.1 is installed AND mgr-cfg-management is signed with openSUSE key OR mgr-custom-info-4.2.2-1.12.1 is installed AND mgr-custom-info is signed with openSUSE key OR mgr-osa-dispatcher-4.2.6-1.30.1 is installed AND mgr-osa-dispatcher is signed with openSUSE key OR mgr-osad-4.2.6-1.30.1 is installed AND mgr-osad is signed with openSUSE key OR mgr-push-4.2.3-1.12.1 is installed AND mgr-push is signed with openSUSE key OR mgr-virtualization-host-4.2.2-1.20.1 is installed AND mgr-virtualization-host is signed with openSUSE key OR python2-mgr-cfg-4.2.3-1.18.1 is installed AND python2-mgr-cfg is signed with openSUSE key OR python2-mgr-cfg-actions-4.2.3-1.18.1 is installed AND python2-mgr-cfg-actions is signed with openSUSE key OR python2-mgr-cfg-client-4.2.3-1.18.1 is installed AND python2-mgr-cfg-client is signed with openSUSE key OR python2-mgr-cfg-management-4.2.3-1.18.1 is installed AND python2-mgr-cfg-management is signed with openSUSE key OR python2-mgr-osa-common-4.2.6-1.30.1 is installed AND python2-mgr-osa-common is signed with openSUSE key OR python2-mgr-osa-dispatcher-4.2.6-1.30.1 is installed AND python2-mgr-osa-dispatcher is signed with openSUSE key OR python2-mgr-osad-4.2.6-1.30.1 is installed AND python2-mgr-osad is signed with openSUSE key OR python2-mgr-push-4.2.3-1.12.1 is installed AND python2-mgr-push is signed with openSUSE key OR python2-mgr-virtualization-common-4.2.2-1.20.1 is installed AND python2-mgr-virtualization-common is signed with openSUSE key OR python2-mgr-virtualization-host-4.2.2-1.20.1 is installed AND python2-mgr-virtualization-host is signed with openSUSE key OR python2-rhnlib-4.2.4-3.28.1 is installed AND python2-rhnlib is signed with openSUSE key OR python2-spacewalk-check-4.2.12-3.44.1 is installed AND python2-spacewalk-check is signed with openSUSE key OR python2-spacewalk-client-setup-4.2.12-3.44.1 is installed AND python2-spacewalk-client-setup is signed with openSUSE key OR python2-spacewalk-client-tools-4.2.12-3.44.1 is installed AND python2-spacewalk-client-tools is signed with openSUSE key OR python2-spacewalk-koan-4.2.4-3.21.1 is installed AND python2-spacewalk-koan is signed with openSUSE key OR python2-spacewalk-oscap-4.2.2-3.12.1 is installed AND python2-spacewalk-oscap is signed with openSUSE key OR python2-suseRegisterInfo-4.2.4-3.15.1 is installed AND python2-suseRegisterInfo is signed with openSUSE key OR python2-uyuni-common-libs-4.2.5-1.15.1 is installed AND python2-uyuni-common-libs is signed with openSUSE key OR python3-mgr-cfg-4.2.3-1.18.1 is installed AND python3-mgr-cfg is signed with openSUSE key OR python3-mgr-cfg-actions-4.2.3-1.18.1 is installed AND python3-mgr-cfg-actions is signed with openSUSE key OR python3-mgr-cfg-client-4.2.3-1.18.1 is installed AND python3-mgr-cfg-client is signed with openSUSE key OR python3-mgr-cfg-management-4.2.3-1.18.1 is installed AND python3-mgr-cfg-management is signed with openSUSE key OR python3-mgr-osa-common-4.2.6-1.30.1 is installed AND python3-mgr-osa-common is signed with openSUSE key OR python3-mgr-osa-dispatcher-4.2.6-1.30.1 is installed AND python3-mgr-osa-dispatcher is signed with openSUSE key OR python3-mgr-osad-4.2.6-1.30.1 is installed AND python3-mgr-osad is signed with openSUSE key OR python3-mgr-push-4.2.3-1.12.1 is installed AND python3-mgr-push is signed with openSUSE key OR python3-mgr-virtualization-common-4.2.2-1.20.1 is installed AND python3-mgr-virtualization-common is signed with openSUSE key OR python3-mgr-virtualization-host-4.2.2-1.20.1 is installed AND python3-mgr-virtualization-host is signed with openSUSE key OR python3-rhnlib-4.2.4-3.28.1 is installed AND python3-rhnlib is signed with openSUSE key OR python3-spacewalk-check-4.2.12-3.44.1 is installed AND python3-spacewalk-check is signed with openSUSE key OR python3-spacewalk-client-setup-4.2.12-3.44.1 is installed AND python3-spacewalk-client-setup is signed with openSUSE key OR python3-spacewalk-client-tools-4.2.12-3.44.1 is installed AND python3-spacewalk-client-tools is signed with openSUSE key OR python3-spacewalk-koan-4.2.4-3.21.1 is installed AND python3-spacewalk-koan is signed with openSUSE key OR python3-spacewalk-oscap-4.2.2-3.12.1 is installed AND python3-spacewalk-oscap is signed with openSUSE key OR python3-suseRegisterInfo-4.2.4-3.15.1 is installed AND python3-suseRegisterInfo is signed with openSUSE key OR python3-uyuni-common-libs-4.2.5-1.15.1 is installed AND python3-uyuni-common-libs is signed with openSUSE key OR spacecmd-4.2.11-3.62.1 is installed AND spacecmd is signed with openSUSE key OR spacewalk-check-4.2.12-3.44.1 is installed AND spacewalk-check is signed with openSUSE key OR spacewalk-client-setup-4.2.12-3.44.1 is installed AND spacewalk-client-setup is signed with openSUSE key OR spacewalk-client-tools-4.2.12-3.44.1 is installed AND spacewalk-client-tools is signed with openSUSE key OR spacewalk-koan-4.2.4-3.21.1 is installed AND spacewalk-koan is signed with openSUSE key OR spacewalk-oscap-4.2.2-3.12.1 is installed AND spacewalk-oscap is signed with openSUSE key OR suseRegisterInfo-4.2.4-3.15.1 is installed AND suseRegisterInfo is signed with openSUSE key Definition Synopsis openSUSE Leap 15.2 is installed AND Package Information ansible-2.9.21-lp152.2.7.1 is installed AND ansible is signed with openSUSE key OR ansible-doc-2.9.21-lp152.2.7.1 is installed AND ansible-doc is signed with openSUSE key OR ansible-test-2.9.21-lp152.2.7.1 is installed AND ansible-test is signed with openSUSE key OR dracut-saltboot-0.1.1627546504.96a0b3e-lp152.2.26.1 is installed AND dracut-saltboot is signed with openSUSE key OR golang-github-prometheus-prometheus-2.27.1-lp152.3.13.1 is installed AND golang-github-prometheus-prometheus is signed with openSUSE key Definition Synopsis SUSE Enterprise Storage 6 is installed AND golang-github-prometheus-prometheus-2.27.1-3.8.1 is installed
BACK