Access Control Issue in Blackbox Exporter by Prometheus
CVE-2023-26735

7.5 HIGH

Key Information:

Vendor: Prometheus

CVE Published: 26 April 2023

What is CVE-2023-26735?

Prometheus Blackbox Exporter version 0.23.0 is affected by an access control vulnerability in its probe interface. The issue can potentially allow an attacker to identify intranet ports and services and to retrieve resources from the server. Authentication can be configured, but the vulnerability still raises significant security concerns, particularly in environments that depend on the secure management of network assets.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
