Fix Basic Authentication Bypass (CVE-2022-46146)

Signed-off-by: Julien Pivotto <roidelapluie@o11y.eu>
Julien Pivotto 2022-11-29 10:44:09 +01:00
parent 84e95d8cbc
commit 31a2db3ae9
8 changed files with 20 additions and 16 deletions


@ -1,5 +1,9 @@
# Changelog
## 2.40.4 / 2022-11-29
* [SECURITY] Fix basic authentication bypass vulnerability (CVE-2022-46146). GHSA-4v48-4q5m-8vx4
## 2.40.3 / 2022-11-23
* [BUGFIX] TSDB: Fix compaction after a deletion is called. #11623


@ -1 +1 @@
2.40.3
2.40.4

2
go.mod

@ -46,7 +46,7 @@ require (
github.com/prometheus/common v0.37.0
github.com/prometheus/common/assets v0.2.0
github.com/prometheus/common/sigv4 v0.1.0
github.com/prometheus/exporter-toolkit v0.8.1
github.com/prometheus/exporter-toolkit v0.8.2
github.com/scaleway/scaleway-sdk-go v1.0.0-beta.9
github.com/shurcooL/httpfs v0.0.0-20190707220628-8d4bc4ba7749
github.com/stretchr/testify v1.8.1

4
go.sum

@ -704,8 +704,8 @@ github.com/prometheus/common/assets v0.2.0/go.mod h1:D17UVUE12bHbim7HzwUvtqm6gwB
github.com/prometheus/common/sigv4 v0.1.0 h1:qoVebwtwwEhS85Czm2dSROY5fTo2PAPEVdDeppTwGX4=
github.com/prometheus/common/sigv4 v0.1.0/go.mod h1:2Jkxxk9yYvCkE5G1sQT7GuEXm57JrvHu9k5YwTjsNtI=
github.com/prometheus/exporter-toolkit v0.7.1/go.mod h1:ZUBIj498ePooX9t/2xtDjeQYwvRpiPP2lh5u4iblj2g=
github.com/prometheus/exporter-toolkit v0.8.1 h1:TpKt8z55q1zF30BYaZKqh+bODY0WtByHDOhDA2M9pEs=
github.com/prometheus/exporter-toolkit v0.8.1/go.mod h1:00shzmJL7KxcsabLWcONwpyNEuWhREOnFqZW7vadFS0=
github.com/prometheus/exporter-toolkit v0.8.2 h1:sbJAfBXQFkG6sUkbwBun8MNdzW9+wd5YfPYofbmj0YM=
github.com/prometheus/exporter-toolkit v0.8.2/go.mod h1:00shzmJL7KxcsabLWcONwpyNEuWhREOnFqZW7vadFS0=
github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=


@ -1,6 +1,6 @@
{
"name": "@prometheus-io/codemirror-promql",
"version": "0.40.3",
"version": "0.40.4",
"description": "a CodeMirror mode for the PromQL language",
"types": "dist/esm/index.d.ts",
"module": "dist/esm/index.js",
@ -29,7 +29,7 @@
},
"homepage": "https://github.com/prometheus/prometheus/blob/main/web/ui/module/codemirror-promql/README.md",
"dependencies": {
"@prometheus-io/lezer-promql": "^0.40.3",
"@prometheus-io/lezer-promql": "^0.40.4",
"lru-cache": "^6.0.0"
},
"devDependencies": {


@ -1,6 +1,6 @@
{
"name": "@prometheus-io/lezer-promql",
"version": "0.40.3",
"version": "0.40.4",
"description": "lezer-based PromQL grammar",
"main": "index.cjs",
"type": "module",


@ -28,10 +28,10 @@
},
"module/codemirror-promql": {
"name": "@prometheus-io/codemirror-promql",
"version": "0.40.3",
"version": "0.40.4",
"license": "Apache-2.0",
"dependencies": {
"@prometheus-io/lezer-promql": "^0.40.3",
"@prometheus-io/lezer-promql": "^0.40.4",
"lru-cache": "^6.0.0"
},
"devDependencies": {
@ -61,7 +61,7 @@
},
"module/lezer-promql": {
"name": "@prometheus-io/lezer-promql",
"version": "0.40.3",
"version": "0.40.4",
"license": "Apache-2.0",
"devDependencies": {
"@lezer/generator": "^1.1.1",
@ -17625,7 +17625,7 @@
},
"react-app": {
"name": "@prometheus-io/app",
"version": "0.40.3",
"version": "0.40.4",
"dependencies": {
"@codemirror/autocomplete": "^6.2.0",
"@codemirror/commands": "^6.1.0",
@ -17643,7 +17643,7 @@
"@lezer/lr": "^1.2.3",
"@nexucis/fuzzy": "^0.4.1",
"@nexucis/kvsearch": "^0.8.1",
"@prometheus-io/codemirror-promql": "^0.40.3",
"@prometheus-io/codemirror-promql": "^0.40.4",
"bootstrap": "^4.6.2",
"css.escape": "^1.5.1",
"downshift": "^6.1.11",
@ -19883,7 +19883,7 @@
"@lezer/lr": "^1.2.3",
"@nexucis/fuzzy": "^0.4.1",
"@nexucis/kvsearch": "^0.8.1",
"@prometheus-io/codemirror-promql": "^0.40.3",
"@prometheus-io/codemirror-promql": "^0.40.4",
"@testing-library/react-hooks": "^7.0.2",
"@types/enzyme": "^3.10.12",
"@types/flot": "0.0.32",
@ -19935,7 +19935,7 @@
"@lezer/common": "^1.0.1",
"@lezer/highlight": "^1.1.0",
"@lezer/lr": "^1.2.3",
"@prometheus-io/lezer-promql": "^0.40.3",
"@prometheus-io/lezer-promql": "^0.40.4",
"@types/lru-cache": "^5.1.1",
"isomorphic-fetch": "^3.0.0",
"lru-cache": "^6.0.0",


@ -1,6 +1,6 @@
{
"name": "@prometheus-io/app",
"version": "0.40.3",
"version": "0.40.4",
"private": true,
"dependencies": {
"@codemirror/autocomplete": "^6.2.0",
@ -19,7 +19,7 @@
"@lezer/common": "^1.0.1",
"@nexucis/fuzzy": "^0.4.1",
"@nexucis/kvsearch": "^0.8.1",
"@prometheus-io/codemirror-promql": "^0.40.3",
"@prometheus-io/codemirror-promql": "^0.40.4",
"bootstrap": "^4.6.2",
"css.escape": "^1.5.1",
"downshift": "^6.1.11",