8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.6 High
AI Score
Confidence
Low
0.005 Low
EPSS
Percentile
77.6%
The Prometheus SNMP Exporter is the recommended way to expose SNMP data in a format which Prometheus can ingest.
A vulnerability has been discovered in Prometheus SNMP Exporter. Please review the CVE identifier referenced below for details.
A user who knows the password hash of a user capable of performing HTTP basic authentication with a vulnerable exporter can use the hash to successfully authenticate as that user via cache manipulation, without knowing the password from which the hash was derived.
There is no known workaround at this time.
All Prometheus SNMP Exporter users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-metrics/snmp_exporter-0.24.1"
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | app-metrics/snmp_exporter | < 0.24.1 | UNKNOWN |
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.6 High
AI Score
Confidence
Low
0.005 Low
EPSS
Percentile
77.6%