CVE-2023-26735: Withdrawn Advisory: Access control issues in blackbox_exporter
(updated )
Withdrawn Advisory
This advisory has been withdrawn because it was determined to be a configuration issue rather than a vulnerability. This link is maintained to preserve external references. For more information, see the conversation here.
Original Advisory
blackbox_exporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources.
References
- github.com/advisories/GHSA-939c-3g97-vpvv
- github.com/prometheus/blackbox_exporter
- github.com/prometheus/blackbox_exporter
- github.com/prometheus/blackbox_exporter/issues/1024
- github.com/prometheus/blackbox_exporter/issues/1025
- github.com/prometheus/blackbox_exporter/issues/1026
- nvd.nist.gov/vuln/detail/CVE-2023-26735
Detect and mitigate CVE-2023-26735 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →