Prometheus v2.27.1 Release Notes
Release Date: 2021-05-18 // almost 3 years ago-
๐ This release contains a bug fix for a security issue in the API endpoint. An attacker can craft a special URL that redirects a user to any endpoint via an ๐ HTTP 302 response. See the [security advisory][GHSA-vx57-7f4q-fpc7] for more details.
๐ [GHSA-vx57-7f4q-fpc7]:https://github.com/prometheus/prometheus/security/advisories/GHSA-vx57-7f4q-fpc7
This vulnerability has been reported by Aaron Devaney from MDSec.
- ๐ [BUGFIX] SECURITY: Fix arbitrary redirects under the /new endpoint (CVE-2021-29622)