CVE-2022-46146
Prometheus Exporter Toolkit vulnerable to basic authentication bypass
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
3Exploited in Wild
-Decision
Descriptions
Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a Prometheus web.yml file and users' bcrypted passwords, they can bypass security by poisoning the built-in authentication cache. Versions 0.7.2 and 0.8.2 contain a fix for the issue. There is no workaround, but attacker must have access to the hashed password to use this functionality.
Un usuario podía eliminar un perfil VPN del cliente móvil WARP en la plataforma iOS a pesar del interruptor Lock WARP https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/# La función lock-warp-switch está habilitada en Zero Trust Platform. Esto llevó a eludir las políticas y restricciones impuestas a los dispositivos inscritos por la plataforma Zero Trust.
A flaw was found in exporter-toolkit. A request can be forged by an attacker to poison the internal cache used to cache hashes and make subsequent successful requests. This cache is used to limit side channel attacks that could tell an attacker if a user is present in the file or not. Prometheus and its exporters can be secured by a web.yml file that specifies usernames and hashed passwords for basic authentication. Passwords are hashed with bcrypt, which means that even if you have access to the hash, it is very hard to find the original password. However, due to the way this mechanism was implemented in the exporter toolkit, if the hashed password is known, it is possible to authenticate against Prometheus.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-11-28 CVE Reserved
- 2022-11-29 CVE Published
- 2024-07-20 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-287: Improper Authentication
- CWE-303: Incorrect Implementation of Authentication Algorithm
- CWE-305: Authentication Bypass by Primary Weakness
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| https://github.com/prometheus/exporter-toolkit/security/advisories/GHSA-7rg2-cxvp-9p7p | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2022/11/29/1 | 2024-08-03 | |
| http://www.openwall.com/lists/oss-security/2022/11/29/2 | 2024-08-03 | |
| http://www.openwall.com/lists/oss-security/2022/11/29/4 | 2024-08-03 |
| URL | Date | SRC |
|---|---|---|
| https://github.com/prometheus/exporter-toolkit/commit/5b1eab34484ddd353986bce736cd119d863e4ff5 | 2024-01-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Prometheus Search vendor "Prometheus" | Exporter Toolkit Search vendor "Prometheus" for product "Exporter Toolkit" | < 0.7.2 Search vendor "Prometheus" for product "Exporter Toolkit" and version " < 0.7.2" | - |
Affected
| ||||||
| Prometheus Search vendor "Prometheus" | Exporter Toolkit Search vendor "Prometheus" for product "Exporter Toolkit" | >= 0.8.0 < 0.8.2 Search vendor "Prometheus" for product "Exporter Toolkit" and version " >= 0.8.0 < 0.8.2" | - |
Affected
| ||||||