Whitelist Prometheus CVEs

CVE-2024-45337 [1] affects multiple Prometheus containers. The
vulnerability allows for authorisation bypassing due to a flaw in the
handling of public key handling. We only access Prometheus with basic
auth (username/password), so we are not affected by this CVE.

CVE-2024-41110 [2] only affects prometheus_cadvisor. Suggested
workarounds are to avoid using AuthZ plugins and/or restrict access to
the Docker API to trusted parties. Best I can tell, we don't use any
AuthZ plugins and regardless the Docker API can only be reached from
the control plane, as we are not affected by this CVE.

1. https://avd.aquasec.com/nvd/2024/cve-2024-45337/
2. https://avd.aquasec.com/nvd/2024/cve-2024-41110/

Author: MoteHue

etc/kayobe/trivy/allowed-vulnerabilities.yml

@@ -14,9 +14,27 @@
 #   - CVE-2023-31047
 fluentd_allowed_vulnerabilities:
   - CVE-2024-27280
+
 grafana_allowed_vulnerabilities:
   - CVE-2024-8986
 
+prometheus_blackbox_exporter_allowed_vulnerabilities:
+  - CVE-2024-45337
+prometheus_memcached_exporter_allowed_vulnerabilities:
+  - CVE-2024-45337
+prometheus_mysqld_exporter_allowed_vulnerabilities:
+  - CVE-2024-45337
+prometheus_elasticsearch_exporter_allowed_vulnerabilities:
+  - CVE-2024-45337
+prometheus_node_exporter_allowed_vulnerabilities:
+  - CVE-2024-45337
+prometheus_openstack_exporter_allowed_vulnerabilities:
+  - CVE-2024-45337
+prometheus_libvirt_exporter_allowed_vulnerabilities:
+  - CVE-2024-45337
+prometheus_cadvisor_allowed_vulnerabilities:
+  - CVE-2024-41110
+  - CVE-2024-45337
 
 ###############################################################################
 # Dummy variable to allow Ansible to accept this file.