Prometheus versions from 2.1.0 and before 2.7.1 are vulnerable to a stored DOM based cross-site scripting (XSS) attack. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for malicious code to run and remain in the browser's local storage.

Upstream Pull Request:
https://github.com/prometheus/prometheus/pull/5163

Upstream Changelog:
https://github.com/prometheus/prometheus/commit/62e591f9
Created golang-github-prometheus-prometheus tracking bugs for this issue:

Affects: epel-6 [bug 1672867]
Affects: fedora-all [bug 1672866]
Prometheus Cluster Monitoring was a Technology Preview feature before OpenShift Container Platform 3.11.

https://access.redhat.com/documentation/en-us/openshift_container_platform/3.11/html-single/release_notes/#ocp-311-technology-preview