CVE-2023-26735
Published 2023-04-26
CVE-2023-26735: blackbox_exporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet…
Priority: P346 · high · 7.5 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
EPSS: 0.95% (56.7th percentile)
blackbox_exporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources. NOTE: this is disputed by third parties because authentication can be configured.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | prometheus-blackbox-exporter | — | — |
| github.com | prometheus_blackbox_exporter | 0 – 0.23.0 | — |
| prometheus | blackbox_exporter | — | — |
CVSS provenance
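| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | LOW | — |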
Debian
CVE-2023-26735: prometheus-blackbox-exporter - blackbox_exporter v0.23.0 was discovered to contain an access control issue in i...
vendor_debian·2023·CVSS 7.5
CVE-2023-26735 [HIGH] CVE-2023-26735: prometheus-blackbox-exporter - blackbox_exporter v0.23.0 was discovered to contain an access control issue in i...
blackbox_exporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources. NOTE: this is disputed by third parties because authentication can be configured.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
OSV
CVE-2023-26735: ** DISPUTED ** blackbox_exporter v0
osv·2023-04-26·CVSS 7.5
CVE-2023-26735 [HIGH] CVE-2023-26735: ** DISPUTED ** blackbox_exporter v0
** DISPUTED ** blackbox_exporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources. NOTE: this is disputed by third parties because authentication can be configured.
GHSA
Withdrawn Advisory: Access control issues in blackbox_exporter
ghsa·2023-04-26
CVE-2023-26735 [HIGH] CWE-918 Withdrawn Advisory: Access control issues in blackbox_exporter
# Withdrawn Advisory
This advisory has been withdrawn because it was determined to be a configuration issue rather than a vulnerability. This link is maintained to preserve external references. For more information, see the conversation [here](https://github.com/prometheus/blackbox_exporter/issues/1024#issuecomment-1449145854).
# Original Advisory
blackbox_exporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources.
OSV
CVE-2023-26735: blackbox_exporter v0
osv·2023-04-26·CVSS 7.5
CVE-2023-26735 [HIGH] CVE-2023-26735: blackbox_exporter v0
blackbox_exporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources. NOTE: this is disputed by third parties because authentication can be configured.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://blackboxexporter.com
http://prometheus.com
https://github.com/prometheus/blackbox_exporter#tls-and-basic-authentication
https://github.com/prometheus/blackbox_exporter/issues/1024
https://github.com/prometheus/blackbox_exporter/issues/1025
https://github.com/prometheus/blackbox_exporter/issues/1026
Published: 2023-04-26