Source |
CVE List |
Identifier |
8319516 |
Publication date |
2023-03-17 20:15:13 (seen: 2023-03-17 23:07:06) |
Title |
CVE-2023-27591 |
Text |
Miniflux is a feed reader. Prior to version 2.0.43, an unauthenticated user can retrieve Prometheus metrics from a publicly reachable Miniflux instance where the `METRICS_COLLECTOR` configuration option is enabled and `METRICS_ALLOWED_NETWORKS` is set to `127.0.0.1/8` (the default). A patch is available in Miniflux 2.0.43. As a workaround, set `METRICS_COLLECTOR` to `false` (default) or run Miniflux behind a trusted reverse-proxy. |
Notes |
|
Sent |
Yes |
Tags |
|
Stories |
|