CVE-2023-27591
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-27591
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-27591.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-27591
- Aliases
- Related
- Published
- 2023-03-17T20:15:13Z
- Modified
- 2025-04-02T18:27:09.308413Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Miniflux is a feed reader. Prior to version 2.0.43, an unauthenticated user can retrieve Prometheus metrics from a publicly reachable Miniflux instance where the
METRICS_COLLECTORconfiguration option is enabled andMETRICS_ALLOWED_NETWORKSis set to127.0.0.1/8(the default). A patch is available in Miniflux 2.0.43. As a workaround, setMETRICS_COLLECTORtofalse(default) or run Miniflux behind a trusted reverse-proxy. - References
Affected packages
Git / github.com/miniflux/v2
Affected ranges
- Type
- GIT
- Repo
- https://github.com/miniflux/v2
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
2.*
2.0.0
2.0.0-rc1
2.0.1
2.0.10
2.0.11
2.0.12
2.0.13
2.0.14
2.0.15
2.0.16
2.0.17
2.0.18
2.0.19
2.0.2
2.0.20
2.0.21
2.0.22
2.0.23
2.0.24
2.0.25
2.0.26
2.0.27
2.0.28
2.0.29
2.0.3
2.0.30
2.0.31
2.0.32
2.0.33
2.0.34
2.0.35
2.0.36
2.0.37
2.0.38
2.0.39
2.0.4
2.0.40
2.0.41
2.0.42
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9