GHSA-939c-3g97-vpvv

Suggest an improvement
Source
https://github.com/advisories/GHSA-939c-3g97-vpvv
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/04/GHSA-939c-3g97-vpvv/GHSA-939c-3g97-vpvv.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-939c-3g97-vpvv
Aliases
Published
2023-04-26T00:30:21Z
Modified
2023-11-08T04:12:02.888078Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
Access control issues in blackbox_exporter
Details

blackbox_exporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources.

References

Affected packages

Go / github.com/prometheus/blackbox_exporter

Package

Name
github.com/prometheus/blackbox_exporter
View open source insights on deps.dev
Purl
pkg:golang/github.com/prometheus/blackbox_exporter

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
0.23.0