Red Hat Security Advisory: RHTAS 1.3.6 - Red Hat Trusted Artifact Signer Release
The RHTAS Operator can be used with OpenShift Container Platform 4.16, 4.17, 4.18, 4.19, 4.20 and 4.21
AI Analysis
Technical Summary
Prometheus, an open-source monitoring system, had a vulnerability (CVE-2026-42151) where the Azure AD remote write OAuth client_secret was exposed in plaintext through the /-/config HTTP API endpoint. This was due to the client_secret field being typed as a string instead of a Secret type, which bypassed Prometheus's redaction mechanism for sensitive fields. The exposure allowed any user or process with access to the configuration API endpoint to retrieve the OAuth client secret. The vulnerability affects Prometheus versions prior to 3.5.3 and versions from 3.6.0 up to but not including 3.11.3. The issue has been patched in versions 3.5.3 and 3.11.3.
Potential Impact
The vulnerability allows unauthorized disclosure of the Azure AD OAuth client secret in plaintext to any user or process with access to the Prometheus /-/config HTTP API endpoint. This could lead to compromise of OAuth credentials used for remote write operations, potentially enabling unauthorized access or actions within Azure AD contexts configured in Prometheus.
Mitigation Recommendations
A fix is available in Prometheus versions 3.5.3 and 3.11.3. Users should upgrade affected Prometheus instances to at least version 3.5.3 or 3.11.3 to remediate this vulnerability. There is no indication of alternative mitigations or that the issue is already mitigated without upgrading.
Red Hat Security Advisory: RHTAS 1.3.6 - Red Hat Trusted Artifact Signer Release
Description
The RHTAS Operator can be used with OpenShift Container Platform 4.16, 4.17, 4.18, 4.19, 4.20 and 4.21
Affected software
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Prometheus, an open-source monitoring system, had a vulnerability (CVE-2026-42151) where the Azure AD remote write OAuth client_secret was exposed in plaintext through the /-/config HTTP API endpoint. This was due to the client_secret field being typed as a string instead of a Secret type, which bypassed Prometheus's redaction mechanism for sensitive fields. The exposure allowed any user or process with access to the configuration API endpoint to retrieve the OAuth client secret. The vulnerability affects Prometheus versions prior to 3.5.3 and versions from 3.6.0 up to but not including 3.11.3. The issue has been patched in versions 3.5.3 and 3.11.3.
Potential Impact
The vulnerability allows unauthorized disclosure of the Azure AD OAuth client secret in plaintext to any user or process with access to the Prometheus /-/config HTTP API endpoint. This could lead to compromise of OAuth credentials used for remote write operations, potentially enabling unauthorized access or actions within Azure AD contexts configured in Prometheus.
Mitigation Recommendations
A fix is available in Prometheus versions 3.5.3 and 3.11.3. Users should upgrade affected Prometheus instances to at least version 3.5.3 or 3.11.3 to remediate this vulnerability. There is no indication of alternative mitigations or that the issue is already mitigated without upgrading.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_vex
- Csaf Version
- 2.0
- Publisher
- Microsoft Security Response Center
- Advisory Id
- msrc_CVE-2026-42151
- Cve Count
- 1
- Additional Cves
- []
- Cvss Version
- null
Threat ID: 6a20982fe29bf47b50ebdf1c
Added to database: 06/03/2026, 21:10:07 UTC
Last enriched: 07/13/2026, 10:39:31 UTC
Last updated: 07/18/2026, 17:31:43 UTC
Views: 56
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.