11 matches found

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2022-7555

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 8.6 · EPSS 0.00185
Exploits 1 · References 19

Redos
added 2024/08/06 12:0 a.m. · 16 views

ROS-20240806-13

Vulnerability in the implementation of the bcrypt hashing algorithm of the Prometheus system file export library Exporter Toolkit is related to authentication bypass during web.yml file processing. Exploitation of the vulnerability could allow an attacker to bypass security restrictions and gain...

CVSS 8.8 · AI score 7.1 · EPSS 0.00185
Exploits 1

BDU FSTEC
added 2023/05/04 12:0 a.m. · 1 views

The vulnerability of the bcrypt hashing algorithm implementation in the system file exporter tool for Prometheus Exporter Toolkit allows a hacker to circumvent security restrictions and gain unauthorized access to protected information.

The vulnerability of the bcrypt hashing algorithm implementation in the Prometheus Exporter Toolkit’s file export function is related to the ability to bypass authentication when processing the web.yml file. Exploiting this vulnerability can allow attackers to circumvent security restrictions and...

CVSS 6.2 · AI score 7.5 · EPSS 0.00185
Exploits 1 · References 8 · Affected Software 10

SUSE CVE
added 2023/02/15 3:22 a.m. · 2 views

SUSE CVE-2022-46146

Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a Prometheus web.yml file and users' bcrypted passwords, they can bypass security by poisoning the built-in authentication cache. Versions 0.7.2 and 0.8.2 contain a fix...

CVSS 8.8 · AI score 9.3 · EPSS 0.00185
Exploits 1 · References 35

GitHub Security Blog
added 2022/12/02 10:25 p.m. · 35 views

Prometheus Exporter-Toolkit is vulnerable to authentication bypass

Impact: Prometheus and its exporters can be secured by a web.yml file that specifies usernames and hashed passwords for basic authentication. Passwords are hashed with bcrypt, which means that even if you have access to the hash, it is very hard to find the original password back. However, a flaw ...

CVSS 8.8 · AI score 8.5 · EPSS 0.00185
Exploits 1 · References 15 · Affected Software 1

Veracode
added 2022/11/30 3:28 a.m. · 37 views

Authentication Bypass

github.com/prometheus/exporter-toolkit is vulnerable to authentication bypass. It is possible to bypass the security mechanisms by poisoning the built-in authentication cache when an attacker has access to the web.yml file and user's hashed bcrypted passwords...

CVSS 8.8 · AI score 8.6 · EPSS 0.00185
Exploits 1 · References 18 · Affected Software 3

RedhatCVE
added 2022/11/29 9:56 p.m. · 53 views

CVE-2022-46146

A flaw was found in exporter-toolkit. A request can be forged by an attacker to poison the internal cache used to cache hashes and make subsequent successful requests. This cache is used to limit side channel attacks that could tell an attacker if a user is present in the file or not. Prometheus...

CVSS 7.5 · AI score 8.3 · EPSS 0.00185
Exploits 1 · References 7

OSV
added 2022/11/29 4:33 p.m. · 55 views

GO-2022-1130 Authentication bypass in github.com/prometheus/exporter-toolkit

If an attacker has access to a Prometheus web.yml file and users' bcrypted passwords, it would be possible to bypass security via the built-in authentication cache...

CVSS 8.8 · AI score 8.3 · EPSS 0.00185
Exploits 1 · References 2

OSV
added 2022/11/29 2:15 p.m. · 1 views

DEBIAN-CVE-2022-46146

Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a Prometheus web.yml file and users' bcrypted passwords, they can bypass security by poisoning the built-in authentication cache. Versions 0.7.2 and 0.8.2 contain a fix...

CVSS 8.8 · AI score 8.2 · EPSS 0.00185
Exploits 1 · References 1

OSV
added 2022/11/29 12:0 a.m. · 28 views

CVE-2022-46146 Prometheus Exporter Toolkit vulnerable to basic authentication bypass

Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a Prometheus web.yml file and users' bcrypted passwords, they can bypass security by poisoning the built-in authentication cache. Versions 0.7.2 and 0.8.2 contain a fix...

CVSS 6.2 · AI score 8.9 · EPSS 0.00185
Exploits 1 · References 11

Positive Technologies
added 2022/11/28 12:0 a.m. · 4 views

PT-2022-6550 · Unknown +3 · Prometheus Exporter Toolkit +3

Name of the Vulnerable Software and Affected Versions: Prometheus Exporter Toolkit versions prior to 0.7.2 and 0.8.2
Description: The issue is related to the implementation of the bcrypt hashing algorithm in the Prometheus Exporter Toolkit, which can be exploited to bypass authentication when...

CVSS 9.8 · AI score 7.4 · EPSS 0.94438
Exploits 57 · References 388