
SUSE: CVE-2022-46146: SUSE Linux Security Advisory

Severity: 9
CVSS: (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Published: Nov 29, 2022
Added: Feb 21, 2023
Modified: Jan 28, 2025

Description

Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a Prometheus web.yml file and users' bcrypted passwords, they can bypass security by poisoning the built-in authentication cache. Versions 0.7.2 and 0.8.2 contain a fix for the issue. There is no workaround, but an attacker must have access to the hashed password to use this functionality.

Solutions

suse-upgrade-bind
suse-upgrade-bind-chrootenv
suse-upgrade-bind-devel
suse-upgrade-bind-devel-32bit
suse-upgrade-bind-doc
suse-upgrade-bind-utils
suse-upgrade-dracut-saltboot
suse-upgrade-firewalld-prometheus-config
suse-upgrade-golang-github-lusitaniae-apache_exporter
suse-upgrade-golang-github-prometheus-alertmanager
suse-upgrade-golang-github-prometheus-node_exporter
suse-upgrade-golang-github-prometheus-prometheus
suse-upgrade-golang-github-prometheus-promu
suse-upgrade-golang-github-qubitproducts-exporter_exporter
suse-upgrade-grafana
suse-upgrade-libbind9-1600
suse-upgrade-libbind9-1600-32bit
suse-upgrade-libdns1605
suse-upgrade-libdns1605-32bit
suse-upgrade-libirs-devel
suse-upgrade-libirs1601
suse-upgrade-libirs1601-32bit
suse-upgrade-libisc1606
suse-upgrade-libisc1606-32bit
suse-upgrade-libisccc1600
suse-upgrade-libisccc1600-32bit
suse-upgrade-libisccfg1600
suse-upgrade-libisccfg1600-32bit
suse-upgrade-libns1604
suse-upgrade-libns1604-32bit
suse-upgrade-prometheus-blackbox_exporter
suse-upgrade-prometheus-ha_cluster_exporter
suse-upgrade-prometheus-postgres_exporter
suse-upgrade-python3-bind
suse-upgrade-spacecmd
suse-upgrade-supportutils-plugin-salt
suse-upgrade-supportutils-plugin-susemanager-client
suse-upgrade-wire