Headline
GHSA-vw7g-3cc7-7rmh: cortex establishes TLS connections with `InsecureSkipVerify` set to `true`
A TLS certificate verification issue discovered in cortex v0.42.1 allows attackers to obtain sensitive information via the makeOperatorRequest function.
cortex establishes TLS connections with `InsecureSkipVerify` set to `true`
High severity GitHub Reviewed Published Aug 1, 2024 to the GitHub Advisory Database • Updated Aug 2, 2024