VDB
CVE-2022-46146
CVE-2022-46146
PUBLISHED
Es existiert eine Schwachstelle in Prometheus. Ein Fehler in der Implementierung des "bcrypt hashings" im Exporter-Toolkit ermöglicht es Personen, die das gehashte Passwort kennen, sich gegenüber Prometheus zu authentifizieren. Ein privilegierter Angreifer kann diese Schwachstelle ausnutzen, um die Basisauthentifizierung zu umgehen.
EPSS 0.19% · 40.1th percentile
Risk Scores
EPSS Score
0.19%
40.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat OpenShift Container Platform <4.11.49 | |
| Fedora | Fedora Linux | |
| Red Hat | Red Hat Enterprise Linux | |
| SUSE | SUSE Linux |
Exploit Intelligence
Timeline
- Nov 29, 2022 CVE Published
- Nov 30, 2022 EPSS Score
- Jan 11, 2023 EPSS Score
- Feb 23, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 6, 2023 EPSS Score
- Jun 30, 2023 EPSS Score
- Aug 11, 2023 EPSS Score
- Sep 22, 2023 EPSS Score
- Nov 3, 2023 EPSS Score
- Dec 16, 2023 EPSS Score
- Jan 12, 2024 CVE Updated
References
- https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-2194.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2194 advisory
- https://github.com/prometheus/prometheus/security/advisories/GHSA-4v48-4q5m-8vx4 advisory
- https://lists.suse.com/pipermail/sle-security-updates/2023-February/013846.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2023-February/013841.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2023-February/013852.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2023-March/014099.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2023-March/014098.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2023-March/014097.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2023-April/014457.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2023-April/014455.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2023-April/014456.html advisory
- https://access.redhat.com/errata/RHSA-2023:2110 advisory
- https://lists.suse.com/pipermail/sle-security-updates/2023-May/014865.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2023-May/014868.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2023-May/014867.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2023-May/014866.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2024-January/017743.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2024-January/017744.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2024-February/018017.html advisory
…and 6 more