The Alertmanager in CNCF Cortex before 1.8.1 has a local file disclosure vulnerability when -experimental.alertmanager.enable-api is used. The HTTP basic auth password_file can be used as an attack vector to send any file content via a webhook. The alertmanager templates can be used as an attack vector to send any file content because the alertmanager can load any text file specified in the templates list. References: https://community.grafana.com/c/security-announcements https://github.com/cortexproject/cortex https://github.com/cortexproject/cortex/pull/4129/files https://lists.cncf.io/g/cortex-users/message/50
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-31232
Created grafana tracking bugs for this issue: Affects: fedora-all [bug 2183174]