
Exploit for Prometheus - Open Redirect (CVE-2021-29622)

Description:

Prometheus 2.23.0 through 2.26.0 and 2.27.0 contain an open redirect vulnerability. To ensure a seamless transition to 2.27.0, the default UI was changed to the new UI, with URLs prefixed by /new redirecting to /. Due to a bug in that redirect code, an attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
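
As an added illustration (not Prometheus's own code or its actual fix), the following hypothetical Go handler shows the defensive check a /new prefix redirect needs: the remainder of the path is accepted only when it is a same-origin absolute path, so anything a browser could resolve to another host (a full URL, a protocol-relative //host, a backslash variant) gets a 404 instead of a Location header. The names localRedirectTarget and redirectNewUI are assumptions.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// newUIPrefix is the legacy prefix whose requests were redirected to "/".
const newUIPrefix = "/new"

// localRedirectTarget (hypothetical name) strips the /new prefix and accepts the
// remainder only as a same-origin absolute path; ok is false otherwise.
func localRedirectTarget(reqPath string) (string, bool) {
	if !strings.HasPrefix(reqPath, newUIPrefix) {
		return "", false
	}
	rest := strings.TrimPrefix(reqPath, newUIPrefix)
	if rest == "" {
		rest = "/"
	}
	// A scheme or host means it is not a local path ("https://h", "//h").
	u, err := url.Parse(rest)
	if err != nil || u.Scheme != "" || u.Host != "" || u.Opaque != "" {
		return "", false
	}
	// Absolute on this origin, not protocol-relative, no "\" (browsers may treat it as "/").
	if !strings.HasPrefix(rest, "/") || strings.HasPrefix(rest, "//") ||
		strings.Contains(rest, "\\") {
		return "", false
	}
	return rest, true
}

// redirectNewUI (hypothetical name): unsafe targets get a 404, never a Location header.
func redirectNewUI(w http.ResponseWriter, r *http.Request) {
	if target, ok := localRedirectTarget(r.URL.Path); ok {
		http.Redirect(w, r, target, http.StatusFound)
		return
	}
	http.NotFound(w, r)
}

func main() {
	for _, p := range []string{"/new/graph", "/new//other.example", "/newhttps://other.example"} {
		target, ok := localRedirectTarget(p)
		fmt.Printf("%-26s ok=%v target=%q\n", p, ok, target)
	}
}
```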

Nuclei Template

View the template here CVE-2021-29622.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-29622.yaml

References:

https://github.com/prometheus/prometheus/releases/tag/v2.26.1
https://github.com/prometheus/prometheus/releases/tag/v2.27.1
https://github.com/prometheus/prometheus/security/advisories/GHSA-vx57-7f4q-fpc7
https://nvd.nist.gov/vuln/detail/CVE-2021-29622
https://github.com/d4n-sec/d4n-sec.github.io