github.com/grafana/agent is vulnerable to authentication bypass. The library does not properly restrict access to config endpoints, allowing an attacker to authenticate against a system for discovering Prometheus targets and collecting metrics leads to information disclosure.
github.com/grafana/agent/commit/a9bc23c74f3727399e4f720abbbe9a3b5fc8b973
github.com/grafana/agent/commit/af7fb01e31fe2d389e5f1c36b399ddc46b412b21
github.com/grafana/agent/pull/1152
github.com/grafana/agent/releases/tag/v0.20.1
github.com/grafana/agent/releases/tag/v0.21.2
github.com/grafana/agent/security/advisories/GHSA-9c4x-5hgq-q3wh
security.netapp.com/advisory/ntap-20211229-0004/