34 matches found
Prometheus Blackbox Exporter - Server-Side Request Forgery (SSRF)
Prometheus Blackbox Exporter through 0.17.0 contains a server-side request forgery caused by unsanitized target parameter in /probe, letting attackers perform SSRF attacks, exploit requires sending crafted target parameter. id: CVE-2020-16248 info: name: Prometheus Blackbox Exporter - Server-Side...
OPENSUSE-SU-2026:10971-1 prometheus-blackbox_exporter-0.26.0-6.1 on GA media
These are all security issues fixed in the prometheus-blackboxexporter-0.26.0-6.1 package on the GA media of openSUSE Tumbleweed...
GHSA-JRG3-GFJW-HM96 vulnerabilities
Vulnerabilities for packages: mesosphere-vsphere-csi, tailscale, secrets-store-csi-driver-provider-azure, aws-privateca-issuer, nri-nginx, yunikorn-k8shim, mountpoint-s3-csi-driver, prometheus-operator, envoy-gateway, nri-consul, bank-vaults, haproxy-ingress,...
CVE-2026-32283 vulnerabilities
Vulnerabilities for packages: mesosphere-vsphere-csi, tailscale, secrets-store-csi-driver-provider-azure, aws-privateca-issuer, nri-nginx, yunikorn-k8shim, mountpoint-s3-csi-driver, prometheus-operator, envoy-gateway, nri-consul, bank-vaults, haproxy-ingress,...
CLEANSTART-2026-YM28538 Prometheus Blackbox Exporter through 0
Multiple security vulnerabilities affect the prometheus-blackbox-exporter package. Prometheus Blackbox Exporter through 0. See references for individual vulnerability details...
CLEANSTART-2026-ZL24388 Prometheus Blackbox Exporter through 0
Multiple security vulnerabilities affect the prometheus-blackbox-exporter package. Prometheus Blackbox Exporter through 0. See references for individual vulnerability details...
Linux Distros Unpatched Vulnerability : CVE-2023-26735
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - blackboxexporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports...
Linux Distros Unpatched Vulnerability : CVE-2020-16248
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF. NOTE: follow-on discussion suggests that this might plausibly be interpreted as both...
SUSE SLES15 / openSUSE 15 Security Update : Multi-Linux Manager Client Tools (SUSE-SU-2025:01989-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:01989-1 advisory. golang-github-prometheus-prometheus was updated to version 2.53.4: - Security issues fixed: CVE-2023-45288: Require Go = 1.23 fo...
prometheus-blackbox_exporter-0.24.0-3.1 on GA media (moderate)
prometheus-blackboxexporter-0.24.0-3.1 on GA media Announcement ID: openSUSE-SU-2025:15162-1 Rating: moderate Cross-References: CVE-2023-45288 CVE-2025-22870 CVSS scores: CVE-2023-45288 SUSE : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2023-45288 SUSE : 6.9...
OPENSUSE-SU-2025:15162-1 prometheus-blackbox_exporter-0.24.0-3.1 on GA media
These are all security issues fixed in the prometheus-blackboxexporter-0.24.0-3.1 package on the GA media of openSUSE Tumbleweed...
CVE-2020-16248
Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF. NOTE: follow-on discussion suggests that this might plausibly be interpreted as both intended functionality and also a vulnerability...
OPENSUSE-SU-2024:12904-1 prometheus-blackbox_exporter-0.19.0-13.1 on GA media
These are all security issues fixed in the prometheus-blackboxexporter-0.19.0-13.1 package on the GA media of openSUSE Tumbleweed...
GHSA-M425-MQ94-257G vulnerabilities
Vulnerabilities for packages: aactl, dgraph, kubevela, kubescape, kubeflow, src, scorecard, k3d, prometheus-blackbox-exporter, slsa-verifier, buildkitd, up, terraform-provider-sendgrid, falco, spark-operator, cortex...
GHSA-M425-MQ94-257G vulnerabilities
Vulnerabilities for packages: falco, scorecard, kubevela, metrics-server-fips, kubescape, cluster-autoscaler-fips, kubernetes-csi-livenessprobe-fips, spark-operator, terraform-provider-sendgrid, timestamp-authority-fips, aactl, kiam, kubernetes-csi-livenessprobe, kubeflow-fips,...
CVE-2023-39325 vulnerabilities
Vulnerabilities for packages: helm, zot, kubernetes-csi-external-resizer, hugo, nfs-subdir-external-provisioner-fips, kubescape, external-dns, kube-logging-logging-operator, prometheus-pushgateway, apko, hey, spark-operator, nfs-subdir-external-provisioner, caddy, node-problem-detector, kiam,...
GHSA-QPPJ-FM5R-HXR3 vulnerabilities
Vulnerabilities for packages: haproxy-ingress, wireguard-go, conftest, stakater-reloader, grpcurl, kots, dex, kubescape, terraform-provider-sendgrid, aactl, dgraph, node-problem-detector, hugo, kaf, nodetaint, scorecard, amass, nginx-mainline, flux-source-controller, memcached-exporter,...
SUSE-SU-2023:3122-1 Security update for SUSE Manager Client Tools
This update fixes the following issues: python-tornado: - Security fixes: CVE-2023-28370: Fixed an open redirect issue in the static file handler bsc1211741 kiwi-desc-saltboot: - Update to version 0.1.1687520761.cefb248 Add osimage cert package to bootstrap for SUSE Linux Enterprise 12 images...
DEBIAN-CVE-2023-26735
blackboxexporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources. NOTE: this is disputed by third parties because authentication can be configured...
UBUNTU-CVE-2023-26735
DISPUTED blackboxexporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources. NOTE: this is disputed by third parties because authentication can be configured...