Access Control Bypass in blackbox_exporter v0.23.0 Allows Unauthorized Resource Download and Intranet Port Detection

CVE-2023-26735 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

blackbox_exporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources. NOTE: this is disputed by third parties because authentication can be configured.