3 matches found
Prometheus Blackbox Exporter - Server-Side Request Forgery (SSRF)
Prometheus Blackbox Exporter through 0.17.0 contains a server-side request forgery caused by unsanitized target parameter in /probe, letting attackers perform SSRF attacks, exploit requires sending crafted target parameter. id: CVE-2020-16248 info: name: Prometheus Blackbox Exporter - Server-Side...
CVE-2020-16248
Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF. NOTE: follow-on discussion suggests that this might plausibly be interpreted as both intended functionality and also a vulnerability...
CVE-2020-16248
Prometheus Blackbox Exporter (versions up to 0.17.0) contains a server-side request forgery (SSRF) vulnerability in the /probe endpoint due to an unsanitized target parameter. Exploitation allows an attacker to craft a target value to trigger SSRF, potentially reaching internal assets. The nuclei...