CVE-2023-26735 – github.com/prometheus/blackbox_exporter

Package

Manager: go
Name: github.com/prometheus/blackbox_exporter
Vulnerable Version: <0

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00298 pctl0.52651

Details

Withdrawn Advisory: Access control issues in blackbox_exporter # Withdrawn Advisory This advisory has been withdrawn because it was determined to be a configuration issue rather than a vulnerability. This link is maintained to preserve external references. For more information, see the conversation [here](https://github.com/prometheus/blackbox_exporter/issues/1024#issuecomment-1449145854). # Original Advisory blackbox_exporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources.

Metadata

Created: 2023-04-26T00:30:21Z
Modified: 2025-02-04T21:22:40Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/04/GHSA-939c-3g97-vpvv/GHSA-939c-3g97-vpvv.json
CWE IDs: ["CWE-918"]
Alternative ID: GHSA-939c-3g97-vpvv
Finding: N/A
Auto approve: 0