Pyroscope Storage Secret Exposure Vulnerability

Vulnerability

A vulnerability exists in Pyroscope, an open-source continuous profiling database, when Tencent Cloud Object Storage (COS) is used as the storage backend. In this scenario, an attacker could extract the 'secret_key' configuration value from the Pyroscope API. Exploitation requires direct access to the Pyroscope API. It is recommended to limit the public internet exposure of databases to trusted users or internal systems.

Impact

Exploitation of this vulnerability could lead to the unauthorized disclosure of the 'secret_key' configuration value, potentially allowing for further attacks or unauthorized access.

Remediation

Users can upgrade to Pyroscope versions 1.15.2 and above, 1.16.1 and above, or 1.17.0 and above to address this vulnerability.
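As an added defensive check (example code, not from Pyroscope or the advisory's authors), the following Python evaluates a Pyroscope version against the fixed versions listed above and scans a running-configuration dump for an unmasked secret_key; which API endpoint returns that dump is left as an assumption, and the sample dump is constructed.

```python
import re

# Fixed versions per release branch, as stated in the advisory: 1.15.2+, 1.16.1+,
# 1.17.0+. Branches older than 1.15 have no listed fix, so this check treats
# them as vulnerable (a conservative assumption, not a statement of the advisory).
FIXED_BY_BRANCH = {(1, 15): (1, 15, 2), (1, 16): (1, 16, 1)}
FIRST_FIXED_BRANCH = (1, 17)

# Matches 'secret_key: value' (YAML) and "secret_key": "value" (JSON).
SECRET_LINE = re.compile(r'secret_key"?\s*[:=]\s*"?([^"\s,}]*)')
# Values considered already masked: empty, asterisks, or a redaction marker.
REDACTED = re.compile(r"^(\*+|<redacted>|\[redacted\]|)$", re.IGNORECASE)


def parse_version(text: str) -> tuple[int, int, int]:
    """Parse 'v1.16.0' or '1.16.0-rc1' into (major, minor, patch); pre-release tags are ignored."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_vulnerable(version: str) -> bool:
    """True when the version predates the fix on its release branch."""
    v = parse_version(version)
    if v[:2] >= FIRST_FIXED_BRANCH:
        return False
    fixed = FIXED_BY_BRANCH.get(v[:2])
    return fixed is None or v < fixed


def exposed_secret_lines(config_dump: str) -> list[int]:
    """1-based line numbers where a secret_key carries a real (unmasked) value.

    The secret itself is never returned, only its position in the dump.
    """
    hits = []
    for lineno, line in enumerate(config_dump.splitlines(), start=1):
        m = SECRET_LINE.search(line)
        if m and not REDACTED.match(m.group(1)):
            hits.append(lineno)
    return hits


# Constructed sample of a configuration dump with COS as the storage backend
# (not real output from any Pyroscope instance).
SAMPLE_DUMP = """\
storage:
  backend: cos
  cos:
    bucket: profiles-example
    secret_id: AKIDEXAMPLE
    secret_key: EXAMPLE-secret-value
"""
```

Run `is_vulnerable` on the version reported by the instance and `exposed_secret_lines` on the dump it returns; a non-empty result on a non-public instance still means the key should be rotated after upgrading.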

Added: Apr 15, 2026, 9:55 PM
Updated: Apr 15, 2026, 9:55 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 7.4
remediation: 0.0
relevance: 6.0
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.