[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-SUSE-SU-2026:1008-1":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-06T02:55:33.997Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":24,"duplicates":25,"related":26,"reserved_at":9,"published_at":32,"modified_at":33,"state":9,"summary":34,"references_raw":36,"kevs":86,"epss":9,"epss_history":87,"metrics":88,"affected":89},"SUSE-SU-2026:1008-1","Security update for Prometheus \n\nThis update for Prometheus fixes the following issues:\n\ngolang-github-prometheus-alertmanager, golang-github-prometheus-node_exporter: \n\n- Internal changes to fix build issues with no impact for customers   \n\ngolang-github-prometheus-prometheus:\n\n- Security issues fixed:\n\n  * CVE-2026-27606: Fixed arbitrary file write via path traversal in rollup (bsc#1258893)\n  * CVE-2026-25547: Fixed unbounded brace range expansion leading to excessive CPU and memory consumption (bsc#1257841)\n  * CVE-2026-1615, CVE-2025-61140 The old web UI is no longer built due to security issues (bsc#1257897, bsc#1257442)\n  * CVE-2025-13465: Bump lodash package to version 4.17.23 to fix prototype pollution vulnerability (bsc#1257329)\n  * CVE-2025-12816: Interpretation conflict vulnerability allowing bypassing cryptographic verifications (bsc#1255588)\n\n- Version update from 2.53.4 to 3.5.0 with the following highlighted changes (jsc#PED-13824):\n\n  * Modernized Interface: Introduced a brand-new UI\n  * Enhanced Cloud and Auth: Added unified AWS service discovery (EC2, ECS, Lightsail) and Azure Workload Identity support\n    for more secure, native cloudauthentication.\n  * Performance Standards: Fully integrated OpenTelemetry (OTLP) ingestion and moved Native Histograms from experimental\n    to a stable feature.\n  * Advanced Data Export: Rolled out Remote Write 2.0, offering better performance and metadata handling when sending\n    data to external systems.\n  * Query Power: Added new PromQL functions (like first_over_time and last_over_time) and optimization for grouping\n    operations.\n  * Better Visibility: The UI now displays detailed relabeling steps, scrape intervals, and timeouts, making it easier\n    to troubleshoot why targets aren't reporting correctly.\n  * Critical Fixes: Resolved significant memory leaks related to query logging and fixed bugs where targets were\n    accidentally being scraped multiple times.\n",null,[],[],[],[14,16,18,20,22],{"_key":15},"CVE-2025-12816",{"_key":17},"CVE-2025-13465",{"_key":19},"CVE-2025-61140",{"_key":21},"CVE-2026-1615",{"_key":23},"CVE-2026-25547",[],[],[27,28,29,30,31],{"_key":15},{"_key":17},{"_key":19},{"_key":21},{"_key":23},"2026-03-25T10:07:27Z","2026-03-26T09:00:27.331237Z",{"cisa_kev":35,"cisa_ransomware":35,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[37,44,49,53,57,61,65,70,74,78,82],{"url":38,"sources":39,"tags":42},"https://www.suse.com/support/update/announcement/2026/suse-su-20261008-1/",[40,41],"osv_suse","osv_opensuse",[43],"Advisory",{"url":45,"sources":46,"tags":47},"https://bugzilla.suse.com/1255588",[40,41],[48],"REPORT",{"url":50,"sources":51,"tags":52},"https://bugzilla.suse.com/1257329",[40,41],[48],{"url":54,"sources":55,"tags":56},"https://bugzilla.suse.com/1257442",[40,41],[48],{"url":58,"sources":59,"tags":60},"https://bugzilla.suse.com/1257841",[40,41],[48],{"url":62,"sources":63,"tags":64},"https://bugzilla.suse.com/1257897",[40,41],[48],{"url":66,"sources":67,"tags":68},"https://www.suse.com/security/cve/CVE-2025-12816",[40,41],[69],"WEB",{"url":71,"sources":72,"tags":73},"https://www.suse.com/security/cve/CVE-2025-13465",[40,41],[69],{"url":75,"sources":76,"tags":77},"https://www.suse.com/security/cve/CVE-2025-61140",[40,41],[69],{"url":79,"sources":80,"tags":81},"https://www.suse.com/security/cve/CVE-2026-1615",[40,41],[69],{"url":83,"sources":84,"tags":85},"https://www.suse.com/security/cve/CVE-2026-25547",[40,41],[69],[],[],[],[90,103,110,117,123,127,131,135,139,143,147,151,155,159,163,167,171,175],{"ecosystem":91,"name":92,"vendor":93,"product":94,"cpe_part":9,"purl_type":95,"purl_namespace":93,"purl_name":94,"source":9,"versions":96},"openSUSE","golang-github-prometheus-alertmanager","opensuse","golang-github-prometheus-alertmanager&distro=openSUSE Leap 15.6","rpm",[97],{"version":98,"is_range":99,"range_type":100,"version_start":9,"version_start_type":9,"version_end":101,"version_end_type":102,"fixed_in":9},"lt0_28_1_150100_4_31_1",true,"ecosystem","0.28.1-150100.4.31.1","excluding",{"ecosystem":91,"name":104,"vendor":93,"product":105,"cpe_part":9,"purl_type":95,"purl_namespace":93,"purl_name":105,"source":9,"versions":106},"golang-github-prometheus-node_exporter","golang-github-prometheus-node_exporter&distro=openSUSE Leap 15.6",[107],{"version":108,"is_range":99,"range_type":100,"version_start":9,"version_start_type":9,"version_end":109,"version_end_type":102,"fixed_in":9},"lt1_9_1_150100_3_38_1","1.9.1-150100.3.38.1",{"ecosystem":91,"name":111,"vendor":93,"product":112,"cpe_part":9,"purl_type":95,"purl_namespace":93,"purl_name":112,"source":9,"versions":113},"golang-github-prometheus-prometheus","golang-github-prometheus-prometheus&distro=openSUSE Leap 15.6",[114],{"version":115,"is_range":99,"range_type":100,"version_start":9,"version_start_type":9,"version_end":116,"version_end_type":102,"fixed_in":9},"lt3_5_0_150100_4_29_1","3.5.0-150100.4.29.1",{"ecosystem":118,"name":92,"vendor":119,"product":120,"cpe_part":9,"purl_type":95,"purl_namespace":119,"purl_name":120,"source":9,"versions":121},"SUSE Linux Enterprise","suse","golang-github-prometheus-alertmanager&distro=SUSE Linux Enterprise Module for Package Hub 15 SP7",[122],{"version":98,"is_range":99,"range_type":100,"version_start":9,"version_start_type":9,"version_end":101,"version_end_type":102,"fixed_in":9},{"ecosystem":118,"name":92,"vendor":119,"product":124,"cpe_part":9,"purl_type":95,"purl_namespace":119,"purl_name":124,"source":9,"versions":125},"golang-github-prometheus-alertmanager&distro=SUSE Manager Client Tools 15",[126],{"version":98,"is_range":99,"range_type":100,"version_start":9,"version_start_type":9,"version_end":101,"version_end_type":102,"fixed_in":9},{"ecosystem":118,"name":104,"vendor":119,"product":128,"cpe_part":9,"purl_type":95,"purl_namespace":119,"purl_name":128,"source":9,"versions":129},"golang-github-prometheus-node_exporter&distro=SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",[130],{"version":108,"is_range":99,"range_type":100,"version_start":9,"version_start_type":9,"version_end":109,"version_end_type":102,"fixed_in":9},{"ecosystem":118,"name":104,"vendor":119,"product":132,"cpe_part":9,"purl_type":95,"purl_namespace":119,"purl_name":132,"source":9,"versions":133},"golang-github-prometheus-node_exporter&distro=SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",[134],{"version":108,"is_range":99,"range_type":100,"version_start":9,"version_start_type":9,"version_end":109,"version_end_type":102,"fixed_in":9},{"ecosystem":118,"name":104,"vendor":119,"product":136,"cpe_part":9,"purl_type":95,"purl_namespace":119,"purl_name":136,"source":9,"versions":137},"golang-github-prometheus-node_exporter&distro=SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",[138],{"version":108,"is_range":99,"range_type":100,"version_start":9,"version_start_type":9,"version_end":109,"version_end_type":102,"fixed_in":9},{"ecosystem":118,"name":104,"vendor":119,"product":140,"cpe_part":9,"purl_type":95,"purl_namespace":119,"purl_name":140,"source":9,"versions":141},"golang-github-prometheus-node_exporter&distro=SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",[142],{"version":108,"is_range":99,"range_type":100,"version_start":9,"version_start_type":9,"version_end":109,"version_end_type":102,"fixed_in":9},{"ecosystem":118,"name":104,"vendor":119,"product":144,"cpe_part":9,"purl_type":95,"purl_namespace":119,"purl_name":144,"source":9,"versions":145},"golang-github-prometheus-node_exporter&distro=SUSE Linux Enterprise Module for Basesystem 15 SP7",[146],{"version":108,"is_range":99,"range_type":100,"version_start":9,"version_start_type":9,"version_end":109,"version_end_type":102,"fixed_in":9},{"ecosystem":118,"name":104,"vendor":119,"product":148,"cpe_part":9,"purl_type":95,"purl_namespace":119,"purl_name":148,"source":9,"versions":149},"golang-github-prometheus-node_exporter&distro=SUSE Linux Enterprise Server 15 SP4-LTSS",[150],{"version":108,"is_range":99,"range_type":100,"version_start":9,"version_start_type":9,"version_end":109,"version_end_type":102,"fixed_in":9},{"ecosystem":118,"name":104,"vendor":119,"product":152,"cpe_part":9,"purl_type":95,"purl_namespace":119,"purl_name":152,"source":9,"versions":153},"golang-github-prometheus-node_exporter&distro=SUSE Linux Enterprise Server 15 SP5-LTSS",[154],{"version":108,"is_range":99,"range_type":100,"version_start":9,"version_start_type":9,"version_end":109,"version_end_type":102,"fixed_in":9},{"ecosystem":118,"name":104,"vendor":119,"product":156,"cpe_part":9,"purl_type":95,"purl_namespace":119,"purl_name":156,"source":9,"versions":157},"golang-github-prometheus-node_exporter&distro=SUSE Linux Enterprise Server 15 SP6-LTSS",[158],{"version":108,"is_range":99,"range_type":100,"version_start":9,"version_start_type":9,"version_end":109,"version_end_type":102,"fixed_in":9},{"ecosystem":118,"name":104,"vendor":119,"product":160,"cpe_part":9,"purl_type":95,"purl_namespace":119,"purl_name":160,"source":9,"versions":161},"golang-github-prometheus-node_exporter&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP4",[162],{"version":108,"is_range":99,"range_type":100,"version_start":9,"version_start_type":9,"version_end":109,"version_end_type":102,"fixed_in":9},{"ecosystem":118,"name":104,"vendor":119,"product":164,"cpe_part":9,"purl_type":95,"purl_namespace":119,"purl_name":164,"source":9,"versions":165},"golang-github-prometheus-node_exporter&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP5",[166],{"version":108,"is_range":99,"range_type":100,"version_start":9,"version_start_type":9,"version_end":109,"version_end_type":102,"fixed_in":9},{"ecosystem":118,"name":104,"vendor":119,"product":168,"cpe_part":9,"purl_type":95,"purl_namespace":119,"purl_name":168,"source":9,"versions":169},"golang-github-prometheus-node_exporter&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP6",[170],{"version":108,"is_range":99,"range_type":100,"version_start":9,"version_start_type":9,"version_end":109,"version_end_type":102,"fixed_in":9},{"ecosystem":118,"name":104,"vendor":119,"product":172,"cpe_part":9,"purl_type":95,"purl_namespace":119,"purl_name":172,"source":9,"versions":173},"golang-github-prometheus-node_exporter&distro=SUSE Manager Client Tools for SLE Micro 5",[174],{"version":108,"is_range":99,"range_type":100,"version_start":9,"version_start_type":9,"version_end":109,"version_end_type":102,"fixed_in":9},{"ecosystem":118,"name":111,"vendor":119,"product":176,"cpe_part":9,"purl_type":95,"purl_namespace":119,"purl_name":176,"source":9,"versions":177},"golang-github-prometheus-prometheus&distro=SUSE Linux Enterprise Module for Package Hub 15 SP7",[178],{"version":115,"is_range":99,"range_type":100,"version_start":9,"version_start_type":9,"version_end":116,"version_end_type":102,"fixed_in":9}]