Prometheus · Prometheus Blackbox Exporter · CVE-2020-16248
**Name of the Vulnerable Software and Affected Versions**
Prometheus Blackbox Exporter versions through 0.17.0
**Description**
The issue allows for a Server-Side Request Forgery (SSRF) via the /probe endpoint with the `target` parameter. There is a discussion suggesting this could be seen as both intended functionality and a potential issue.
**Recommendations**
For Prometheus Blackbox Exporter versions through 0.17.0, consider restricting access to the /probe endpoint or limiting the `target` parameter to minimize the risk of SSRF exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.