Vulnerability Description
blackbox_exporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources. NOTE: this is disputed by third parties because authentication can be configured.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Prometheus | Blackbox Exporter | 0.23.0 |
Related Weaknesses (CWE)
References
- http://blackboxexporter.com (Broken Link)
- http://prometheus.com (Broken Link)
- https://github.com/prometheus/blackbox_exporter#tls-and-basic-authentication (Product)
- https://github.com/prometheus/blackbox_exporter/issues/1024 (Issue Tracking)
- https://github.com/prometheus/blackbox_exporter/issues/1025 (Issue Tracking)
- https://github.com/prometheus/blackbox_exporter/issues/1026 (Issue Tracking)
FAQ
What is CVE-2023-26735?
CVE-2023-26735 is a vulnerability with a CVSS score of 7.5 (HIGH). blackbox_exporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resou...
How severe is CVE-2023-26735?
CVE-2023-26735 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-26735?
Check the references section above for vendor advisories and patch information. Affected products include: Prometheus Blackbox Exporter.