DEBIAN-CVE-2020-16248

DEBIAN-CVE-2020-16248 PUBLISHED CVSS 5.800000190734863 MEDIUM

Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF. NOTE: follow-on discussion suggests that this might plausibly be interpreted as both intended functionality and also a vulnerability

Risk Scores

CVSS 3.1

5.800000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Affected Products

Vendor	Product	Versions
Debian:12	prometheus-blackbox-exporter	0.25.0-1, 0, 0.23.0-4
Debian:14	prometheus-blackbox-exporter	0.26.0-1, 0.26.0-2, 0.28.0-1
Debian:11	prometheus-blackbox-exporter	0.22.0-1, 0.23.0-2, 0.23.0-3
Debian:13	prometheus-blackbox-exporter	0, 0.26.0-1, 0.26.0-2

Exploit Intelligence

Nuclei Template: CVE-2020-16248 (nuclei-template)

Timeline

Aug 9, 2020 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2020-16248 advisory

Open in Interactive Console →