Description
blackbox_exporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources. NOTE: this is disputed by third parties because authentication can be configured.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| prometheus-blackbox-exporter | unfixed | | | package |
Notes
https://github.com/prometheus/blackbox_exporter/issues/1024
https://github.com/prometheus/blackbox_exporter/issues/1024#issuecomment-1526944617
Upstream of the project disputed the CVE. Upstream's position is
that the referred behaviour is intended functionality.
EPSS
Related vulnerabilities
blackbox_exporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources. NOTE: this is disputed by third parties because authentication can be configured.
Withdrawn Advisory: Access control issues in blackbox_exporter