Summary: | <app-metrics/blackbox_exporter-0.24.0: basic authentication bypass | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | IN_PROGRESS --- | ||
Severity: | minor | CC: | williamh |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/prometheus/exporter-toolkit/security/advisories/GHSA-7rg2-cxvp-9p7p | ||
Whiteboard: | B3 [stable?] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 883639 |
Description
John Helmert III
2022-11-29 19:05:54 UTC
blackbox_exporter-0.21.1 includes exporter-toolkit-0.7.1 and consequently is vulnerable to this issue. Please update to a newer version. The first fixed version appears to be blackbox_exporter-0.23.0. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=55b6972bdc5a750b114f66086ee5c79d37c32ec1 commit 55b6972bdc5a750b114f66086ee5c79d37c32ec1 Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2023-10-28 21:29:05 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2023-10-28 21:39:58 +0000 app-metrics/blackbox_exporter: add 0.24.0 Bug: https://bugs.gentoo.org/883651 Signed-off-by: John Helmert III <ajak@gentoo.org> app-metrics/blackbox_exporter/Manifest | 2 + .../blackbox_exporter-0.24.0.ebuild | 55 ++++++++++++++++++++++ 2 files changed, 57 insertions(+) Remember that we version the atom in the summary only when there's a fixed version in tree. |