CVE-2020-16248

CVSS v3.1

5.8

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Prometheus Blackbox Exporter versions through 0.17.0

Description The issue allows for a Server-Side Request Forgery (SSRF) via the /probe endpoint with the target parameter. There is a discussion suggesting this could be seen as both intended functionality and a potential issue.

Recommendations For Prometheus Blackbox Exporter versions through 0.17.0, consider restricting access to the /probe endpoint or limiting the target parameter to minimize the risk of SSRF exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-918

Related Identifiers

ALT-PU-2021-1153

ALT-PU-2022-1254

CLEANSTART-2026-YM28538

CLEANSTART-2026-ZL24388

CVE-2020-16248

ECHO-0FA2-10C0-9888

Affected Products

Alt Linux

Debian

Prometheus Blackbox Exporter

CVE-2020-16248

Weakness Enumeration

Related Identifiers

Affected Products

References · 19