CVE-2020-16248

MEDIUM NUCLEI

Prometheus Blackbox Exporter < 0.17.0 - SSRF

Title source: rule

Description

Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF. NOTE: follow-on discussion suggests that this might plausibly be interpreted as both intended functionality and also a vulnerability

Nuclei Templates (1)

Prometheus Blackbox Exporter - Server-Side Request Forgery (SSRF)
MEDIUMVERIFIEDby DhiyaneshDk
Shodan: title:"Blackbox Exporter"
FOFA: title="Blackbox Exporter"

References (5)

Scores

CVSS v3 5.8
EPSS 0.0364
EPSS Percentile 87.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Details

CWE
CWE-918
Status published
Products (1)
prometheus/blackbox_exporter < 0.17.0
Published Aug 09, 2020
Tracked Since Feb 18, 2026