Vulnerabilities > CVE-2020-16248 - Server-Side Request Forgery (SSRF) vulnerability in Prometheus Blackbox Exporter

CVSS 5.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

prometheus

CWE-918

NVD

Published: 2020-08-09

Updated: 2024-04-11

Summary

Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF. NOTE: follow-on discussion suggests that this might plausibly be interpreted as both intended functionality and also a vulnerability

Vulnerable Configurations

Part	Description	Count
Application	Prometheus Prometheus Blackbox Exporter - Prometheus Blackbox Exporter 0.1.0 Prometheus Blackbox Exporter 0.2.0 Prometheus Blackbox Exporter 0.3.0 Prometheus Blackbox Exporter 0.4.0 Prometheus Blackbox Exporter 0.5.0 Prometheus Blackbox Exporter 0.6.0 Prometheus Blackbox Exporter 0.7.0 Prometheus Blackbox Exporter 0.8.0 Prometheus Blackbox Exporter 0.8.1 Prometheus Blackbox Exporter 0.9.0 Prometheus Blackbox Exporter 0.9.1 Prometheus Blackbox Exporter 0.10.0 Prometheus Blackbox Exporter 0.11.0 Prometheus Blackbox Exporter 0.12.0 Prometheus Blackbox Exporter 0.13.0 Prometheus Blackbox Exporter 0.14.0 Prometheus Blackbox Exporter 0.15.0 Prometheus Blackbox Exporter 0.15.1 Prometheus Blackbox Exporter 0.16.0 Prometheus Blackbox Exporter 0.17.0	21

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References