PT-2019-16739 · Prometheus+1

Richih · Published 2019-03-06 · Updated 2023-12-13 · CVE-2019-3826

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Prometheus versions prior to 2.7.1

Description

A stored, DOM-based cross-site scripting (XSS) flaw was found. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scripts.

Recommendations

For versions prior to 2.7.1, update to version 2.7.1 or later to resolve the issue. As a temporary workaround, consider restricting access to crafted URLs on the Prometheus server to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

ALT-PU-2019-1352
CVE-2019-3826
GHSA-3M87-5598-2V4F

Affected Products

Alt Linux
Prometheus