CVE-2023-26735: Access control issues in blackbox_exporter

April 26, 2023 (updated November 9, 2023)

blackbox_exporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources.

References

blackboxexporter.com/
prometheus.com/
github.com/advisories/GHSA-939c-3g97-vpvv
github.com/prometheus/blackbox_exporter/issues/1024
github.com/prometheus/blackbox_exporter/issues/1025
github.com/prometheus/blackbox_exporter/issues/1026
nvd.nist.gov/vuln/detail/CVE-2023-26735

Detect and mitigate CVE-2023-26735 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →