CVE-2022-46146

Опубликовано: 29 нояб. 2022

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS3: 6.2

Описание

Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a Prometheus web.yml file and users' bcrypted passwords, they can bypass security by poisoning the built-in authentication cache. Versions 0.7.2 and 0.8.2 contain a fix for the issue. There is no workaround, but attacker must have access to the hashed password to use this functionality.

Релиз	Статус	Примечание
bionic	DNE
devel	not-affected	0.8.2-2
esm-apps/jammy	needs-triage
esm-apps/noble	not-affected	0.8.2-2
esm-infra/focal	DNE
focal	DNE
jammy	needs-triage
kinetic	ignored	end of life, was needs-triage
lunar	ignored	end of life, was needs-triage
mantic	not-affected	0.8.2-2

Показывать по

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was needs-triage
devel	needs-triage
esm-apps/bionic	needs-triage
esm-apps/focal	needs-triage
esm-apps/jammy	needs-triage
esm-apps/noble	needs-triage
esm-apps/xenial	needs-triage
focal	ignored	end of standard support, was needs-triage
jammy	needs-triage
kinetic	ignored	end of life, was needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 33%

0.00127

Низкий

6.2 Medium

CVSS3

Связанные уязвимости

CVE-2022-46146

CVSS3: 7.5

redhat

больше 2 лет назад

CVE-2022-46146

CVSS3: 6.2

nvd

больше 2 лет назад

CVE-2022-46146

CVSS3: 8.8

msrc

10 месяцев назад

Описание отсутствует

CVE-2022-46146

CVSS3: 6.2

debian

больше 2 лет назад

Prometheus Exporter Toolkit is a utility package to build exporters. P ...

SUSE-SU-2023:1859-1

suse-cvrf

около 2 лет назад

Security update for golang-github-prometheus-prometheus

EPSS

Процентиль: 33%

0.00127

Низкий

6.2 Medium

CVSS3

CVE-2022-46146

Описание

Пакет golang-github-prometheus-exporter-toolkit

Пакет prometheus

Ссылки на источники

Связанные уязвимости