CVE-2023-26735

blackbox_exporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources. NOTE: this is disputed by third parties because authentication can be configured.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
http://blackboxexporter.com	Broken Link
http://prometheus.com	Broken Link
https://github.com/prometheus/blackbox_exporter#tls-and-basic-authentication	Product
https://github.com/prometheus/blackbox_exporter/issues/1024	Issue Tracking
https://github.com/prometheus/blackbox_exporter/issues/1025	Issue Tracking
https://github.com/prometheus/blackbox_exporter/issues/1026	Issue Tracking

Configurations

Configuration 1 (hide)

cpe:2.3:a:prometheus:blackbox_exporter:0.23.0:*:*:*:*:*:*:*

History

07 Nov 2023, 04:09

Type	Values Removed	Values Added
Summary	DISPUTED blackbox_exporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources. NOTE: this is disputed by third parties because authentication can be configured.	blackbox_exporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources. NOTE: this is disputed by third parties because authentication can be configured.

08 May 2023, 14:26

Type	Values Removed	Values Added
References	~~(MISC) http://blackboxexporter.com -~~	(MISC) http://blackboxexporter.com - Broken Link
References	~~(MISC) http://prometheus.com -~~	(MISC) http://prometheus.com - Broken Link
References	~~(MISC) https://github.com/prometheus/blackbox_exporter/issues/1026 -~~	(MISC) https://github.com/prometheus/blackbox_exporter/issues/1026 - Issue Tracking
References	~~(MISC) https://github.com/prometheus/blackbox_exporter#tls-and-basic-authentication -~~	(MISC) https://github.com/prometheus/blackbox_exporter#tls-and-basic-authentication - Product
References	~~(MISC) https://github.com/prometheus/blackbox_exporter/issues/1025 -~~	(MISC) https://github.com/prometheus/blackbox_exporter/issues/1025 - Issue Tracking
References	~~(MISC) https://github.com/prometheus/blackbox_exporter/issues/1024 -~~	(MISC) https://github.com/prometheus/blackbox_exporter/issues/1024 - Issue Tracking
CWE		CWE-918
First Time		Prometheus Prometheus blackbox Exporter
CPE		cpe:2.3:a:prometheus:blackbox_exporter:0.23.0:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5

28 Apr 2023, 13:15

Type	Values Removed	Values Added
References		(MISC) https://github.com/prometheus/blackbox_exporter#tls-and-basic-authentication -
Summary	blackbox_exporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources.	DISPUTED blackbox_exporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources. NOTE: this is disputed by third parties because authentication can be configured.

26 Apr 2023, 00:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-04-26 00:15

Updated : 2024-04-11 01:19

NVD link : CVE-2023-26735

Mitre link : CVE-2023-26735

CVE.ORG link : CVE-2023-26735

JSON object : View

Products Affected

prometheus

blackbox_exporter

CWE

CWE-918

Server-Side Request Forgery (SSRF)

7.5 /10