GO-2026-5710
Prometheus Azure AD remote write OAuth client secret exposed via config API in github.com/prometheus/prometheus
Details
Prometheus Azure AD remote write OAuth client secret exposed via config API in github.com/prometheus/prometheus
Affected packages
Go / github.com/prometheus/prometheus
Introduced in: 0.45.2
Fixed in: 0.311.3
Fix
go get github.com/prometheus/prometheus@v0.311.3
References
- https://github.com/prometheus/prometheus/security/advisories/GHSA-wg65-39gg-5wfj [ADVISORY]
- https://nvd.nist.gov/vuln/detail/CVE-2026-42151 [ADVISORY]
- https://github.com/prometheus/prometheus/pull/18587 [FIX]
- https://github.com/prometheus/prometheus/pull/18590 [FIX]
- https://github.com/prometheus/prometheus/releases/tag/v3.11.3 [WEB]
- https://github.com/prometheus/prometheus/releases/tag/v3.5.3 [WEB]