CVE-2020-16248

Name

CVE-2020-16248

Description

Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF. NOTE: follow-on discussion suggests that this might plausibly be interpreted as both intended functionality and also a vulnerability

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Mailing List	https://www.openwall.com/lists/oss-security/2020/08/08/3
Exploit	https://github.com/prometheus/blackbox_exporter/issues/669
Mailing List	https://www.openwall.com/lists/oss-security/2020/08/08/12
Vendor Advisory	https://prometheus.io/docs/operating/security/#exporters
MISC	https://seclists.org/oss-sec/2020/q3/94

References

Match rules

Vulnerable and fixed packages