cvedb.io
CVE-2023-27591
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2023-03-17T20:15:13.100 · Last modified 2026-06-17T05:45:32.273

Summary

Miniflux is a feed reader. Prior to version 2.0.43, an unauthenticated user can retrieve Prometheus metrics from a publicly reachable Miniflux instance where the `METRICS_COLLECTOR` configuration option is enabled and `METRICS_ALLOWED_NETWORKS` is set to `127.0.0.1/8` (the default). A patch is available in Miniflux 2.0.43. As a workaround, set `METRICS_COLLECTOR` to `false` (default) or run Miniflux behind a trusted reverse-proxy.

Affected products

miniflux_project — miniflux

Does this affect you?

Add your gear to cvedb and we'll alert you only when miniflux_project ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.