CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
Vulnerability in the implementation of the bcrypt hashing algorithm of the Prometheus system file export library
Exporter Toolkit is related to authentication bypass during web.yml file processing. Exploitation of the vulnerability
could allow an attacker to bypass security restrictions and gain unauthorized access to protected information.
protected information
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
redos | 7.3 | x86_64 | golang-github-prometheus-exporter-toolkit-devel | < 0.7.3-1 | UNKNOWN |