Re: Voiding CVE-2020-16248



oss-sec mailing list archives


From: Jeffrey Walton <noloader () gmail com>

Date: Sat, 8 Aug 2020 14:17:04 -0400

On Sat, Aug 8, 2020 at 1:46 PM Bastian Blank <bblank () thinkmo de> wrote:
>
> Hi Richard
>
> On Sat, Aug 08, 2020 at 10:49:14AM +0200, Richard Hartmann wrote:
> > the Prometheus project[1] has received a public "vulnerability"
> > report[2] against what the reporter called SSRF, but what is the core
> > functionality of blackbox_exporter[3]: The ability to trigger network
> > probes over the network to monitor a target's availability.
>
> Could you please explain why you think this is not a
> vulnerability?  Even wanted functionality can constitute a vulnerability
> if looked at more closely.
>
> The software allows sending pre-defined requests to arbitrary targets
> and extracting at least parts of the response.  This is a typical SSRF.
> If you required the allowed targets to be specified, no one would ask.

ICMP and the root user requirement makes blackbox_exporter a good target.

> It also looks like a confused deputy to me, which also makes it a
> privilege escalation.

Naively, it looks like a feature that provides an attacker
reconnaissance capabilities and allows network enumeration.

Jeff
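
The target allowlist that Bastian's message alludes to ("if you required the allowed targets to be specified, no one would ask"), worked through as an added Go example. This is illustrative code written for this page, not blackbox_exporter's own code or configuration: the TargetAllowlist type, its constructor and the sample CIDR range and hostname are assumptions for the demonstration. The check runs before any request is sent, so the exporter never acts as a deputy for a target the operator did not approve: IP literals must fall in a configured range, hostnames must match exactly, and anything that parses as neither is refused.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"strings"
)

// TargetAllowlist restricts which targets a probe-style endpoint (one that
// takes the target from the caller) is willing to contact. Hypothetical
// type written for this example; it is not part of blackbox_exporter.
type TargetAllowlist struct {
	nets  []*net.IPNet
	hosts map[string]bool
}

// NewTargetAllowlist parses the permitted CIDR ranges and exact hostnames.
func NewTargetAllowlist(cidrs, hosts []string) (*TargetAllowlist, error) {
	al := &TargetAllowlist{hosts: make(map[string]bool)}
	for _, c := range cidrs {
		_, n, err := net.ParseCIDR(c)
		if err != nil {
			return nil, fmt.Errorf("bad CIDR %q: %w", c, err)
		}
		al.nets = append(al.nets, n)
	}
	for _, h := range hosts {
		al.hosts[canonHost(h)] = true
	}
	return al, nil
}

// canonHost lower-cases a hostname and drops a trailing dot so that
// "WWW.Example.COM." and "www.example.com" compare equal.
func canonHost(h string) string {
	return strings.ToLower(strings.TrimSuffix(h, "."))
}

// hostOf extracts the host from a probe target, which may be a URL
// (http-style probes) or a bare host, host:port or [v6]:port
// (icmp/tcp/dns-style probes).
func hostOf(target string) (string, error) {
	t := strings.TrimSpace(target)
	if t == "" {
		return "", fmt.Errorf("empty target")
	}
	if strings.Contains(t, "://") {
		u, err := url.Parse(t)
		if err != nil {
			return "", err
		}
		// Hostname() skips any user@ prefix, so a target like
		// http://www.example.com@169.254.169.254/ yields the real host.
		if u.Hostname() == "" {
			return "", fmt.Errorf("URL without host: %q", target)
		}
		return u.Hostname(), nil
	}
	if h, _, err := net.SplitHostPort(t); err == nil {
		return h, nil
	}
	return strings.Trim(t, "[]"), nil
}

// Allowed decides whether target may be probed and explains why.
// Deny by default: anything that is neither an IP literal inside an
// allowed range nor an exact allowlisted hostname is refused. That also
// catches obfuscated addresses such as "0x7f000001" or "2130706433",
// which net.ParseIP does not accept and which therefore fall through
// to the hostname path and fail there.
func (al *TargetAllowlist) Allowed(target string) (bool, string) {
	host, err := hostOf(target)
	if err != nil {
		return false, err.Error()
	}
	if ip := net.ParseIP(host); ip != nil {
		for _, n := range al.nets {
			if n.Contains(ip) {
				return true, "IP in allowed range " + n.String()
			}
		}
		return false, "IP " + ip.String() + " is not in any allowed range"
	}
	if al.hosts[canonHost(host)] {
		return true, "hostname is allowlisted"
	}
	return false, "hostname " + host + " is not allowlisted"
}

func main() {
	// Constructed configuration and sample targets for the demonstration.
	al, err := NewTargetAllowlist([]string{"203.0.113.0/24"}, []string{"www.example.com"})
	if err != nil {
		panic(err)
	}
	for _, t := range []string{
		"https://www.example.com/health",
		"203.0.113.10",
		"http://169.254.169.254/latest/meta-data/",
		"127.0.0.1:9100",
		"http://[::1]:8080/",
		"http://www.example.com@169.254.169.254/",
	} {
		ok, why := al.Allowed(t)
		fmt.Printf("%-45s allowed=%-5t %s\n", t, ok, why)
	}
}
```

Hostname allowlisting does not resolve names, so a permitted hostname that points at an internal address, or whose answer changes between the check and the connect, still gets through this filter; the same range check has to be applied to the resolved address at dial time (for example in a custom dialer) for the allowlist to hold against DNS rebinding.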

Current thread:

Voiding CVE-2020-16248 Richard Hartmann (Aug 08)

Re: Voiding CVE-2020-16248 Hanno Böck (Aug 08)

Re: [prometheus-team] Voiding CVE-2020-16248 Bartłomiej Płotka (Aug 08)

Re: [prometheus-team] Voiding CVE-2020-16248 Julien Pivotto (Aug 08)

Re: Voiding CVE-2020-16248 Sylvain Beucler (Aug 08)

Re: Voiding CVE-2020-16248 Richard Hartmann (Aug 09)

Re: Voiding CVE-2020-16248 Bastian Blank (Aug 08)

Re: Voiding CVE-2020-16248 Jeffrey Walton (Aug 08)

Re: Voiding CVE-2020-16248 Richard Hartmann (Aug 09)
