Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF. NOTE: follow-on discussion suggests that this might plausibly be interpreted as both intended functionality and also a vulnerability.

OS | OS Version | Architecture | Package | Affected Package Version | Filename |
---|---|---|---|---|---|
Alpine | edge-community | noarch | prometheus-blackbox-exporter | < 0.18.0-r0 | UNKNOWN |
Alpine | 3.18-community | noarch | prometheus-blackbox-exporter | < 0.18.0-r0 | UNKNOWN |
Alpine | 3.19-community | noarch | prometheus-blackbox-exporter | < 0.18.0-r0 | UNKNOWN |
Alpine | 3.20-community | noarch | prometheus-blackbox-exporter | < 0.18.0-r0 | UNKNOWN |