Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF. NOTE: follow-on discussion suggests that this might plausibly be interpreted as both intended functionality and also a vulnerability
References
Link | Resource |
---|---|
https://github.com/prometheus/blackbox_exporter/issues/669 | Exploit Third Party Advisory |
https://prometheus.io/docs/operating/security/#exporters | Vendor Advisory |
https://seclists.org/oss-sec/2020/q3/94 | Mailing List Third Party Advisory |
https://www.openwall.com/lists/oss-security/2020/08/08/12 | Mailing List Third Party Advisory |
https://www.openwall.com/lists/oss-security/2020/08/08/3 | Mailing List Third Party Advisory |
Configurations
History
07 Nov 2023, 03:18
Type | Values Removed | Values Added |
---|---|---|
Summary | Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF. NOTE: follow-on discussion suggests that this might plausibly be interpreted as both intended functionality and also a vulnerability |
Information
Published : 2020-08-09 17:15
Updated : 2024-08-04 14:15
NVD link : CVE-2020-16248
Mitre link : CVE-2020-16248
CVE.ORG link : CVE-2020-16248
JSON object : View
Products Affected
prometheus
- blackbox_exporter
CWE
CWE-918
Server-Side Request Forgery (SSRF)