CNNVD-202602-2064 Information
CNNVD ID
CNNVD-202602-2064
Related CVE
- CNNVD Published: 2026-02-12
Description (Chinese)
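Scraparr is a Prometheus exporter from the TheCfU organization for the *arr suite (Sonarr, Radarr, Lidarr, etc.). Scraparr versions from 3.0.0-beta up to, but not including, 3.0.2 contain an information disclosure vulnerability. It arises because, when the Readarr integration is enabled, the exporter exposes the configured Readarr API key as the value of the alias metric label, which may lead to disclosure of the API key.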
Description (English)
Scraparr is a Prometheus exporter for the *arr suite (Sonarr, Radarr, Lidarr, etc.), maintained by TheCfU. An information disclosure vulnerability exists in Scraparr from 3.0.0-beta to versions before 3.0.2: when the Readarr integration is enabled, the exporter exposes the configured Readarr API key as the alias metric label value, which may lead to disclosure of the API key.
Vulnerability Type
Information disclosure
Affected Vendor
TheCfU
Published
2026-02-12
Last Modified
2026-02-24
References
https://github.com/thecfu/scraparr/commit/194116bb8fb0b6ea26421b3e7a7b326973f56cd0
https://github.com/thecfu/scraparr/releases/tag/v3.0.2
https://github.com/thecfu/scraparr/security/advisories/GHSA-hx24-222f-w5cj
Patch
https://github.com/thecfu/scraparr/releases