The Prometheus team has released bugfix releases about an Open Redirect
(CWE-601) security issue.
The issue has been assigned the CVE number CVE-2021-29622.
The security issue affects Prometheus v2.23.0 to v2.26.0, and v2.27.0.
Please find more information here:
The Prometheus team thanks Aaron Devaney from MDSec for reporting this
May 12, 2021: Issue reported privately to Prometheus team
May 12, 2021: A fix is proposed and reviewed
May 13, 2021: CVE-2021-29622 issued by GitHub staff
May 18, 2021: Bugfix released for the last two minor releases of
The releases can be found in the usual locations:
The Prometheus Team