CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
55.5%
DISPUTED blackbox_exporter v0.23.0 was discovered to contain an
access control issue in its probe interface. This vulnerability allows
attackers to detect intranet ports and services, as well as download
resources. NOTE: this is disputed by third parties because authentication
can be configured.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | prometheus-blackbox-exporter | < any | UNKNOWN |
ubuntu | 20.04 | noarch | prometheus-blackbox-exporter | < any | UNKNOWN |
ubuntu | 22.04 | noarch | prometheus-blackbox-exporter | < any | UNKNOWN |
ubuntu | 24.04 | noarch | prometheus-blackbox-exporter | < any | UNKNOWN |
blackboxexporter.com
prometheus.com
github.com/prometheus/blackbox_exporter/issues/1024
github.com/prometheus/blackbox_exporter/issues/1024#issuecomment-1526944617
github.com/prometheus/blackbox_exporter/issues/1025
github.com/prometheus/blackbox_exporter/issues/1026
launchpad.net/bugs/cve/CVE-2023-26735
nvd.nist.gov/vuln/detail/CVE-2023-26735
security-tracker.debian.org/tracker/CVE-2023-26735
www.cve.org/CVERecord?id=CVE-2023-26735