Date: Mon, 30 Jan 2023 10:30:43 GMT From: =?utf-8?Q?Fernando=20Apestegu=C3=ADa?= <fernape@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: e4bc259a1313 - main - security/vuxml: add net-mgmt/prometheus basic authentication bypass Message-ID: <202301301030.30UAUhJL026017@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by fernape: URL: https://cgit.FreeBSD.org/ports/commit/?id=e4bc259a13130d5c9440ee6913b69baab43f48ff commit e4bc259a13130d5c9440ee6913b69baab43f48ff Author: Fernando ApesteguĂa <fernape@FreeBSD.org> AuthorDate: 2023-01-30 10:16:35 +0000 Commit: Fernando ApesteguĂa <fernape@FreeBSD.org> CommitDate: 2023-01-30 10:26:13 +0000 security/vuxml: add net-mgmt/prometheus basic authentication bypass CVE-2022-46146 PR: 269153 Reported by: dor.bsd@xm0.uk (maintainer) --- security/vuxml/vuln/2023.xml | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml index bc3205cfa2aa..69a71f064588 100644 --- a/security/vuxml/vuln/2023.xml +++ b/security/vuxml/vuln/2023.xml @@ -1,3 +1,44 @@ + <vuln vid="791a09c5-a086-11ed-954d-b42e991fc52e"> + <topic>prometheus2 -- basic authentication bypass</topic> + <affects> + <package> + <name>prometheus</name> + <range><lt>0.8.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Prometheus team reports:</p> + <blockquote cite="https://github.com/prometheus/exporter-toolkit/security/advisories/GHSA-7rg2-cxvp-9p7p">; + <p> + Prometheus and its exporters can be secured by a web.yml file that + specifies usernames and hashed passwords for basic authentication. + Passwords are hashed with bcrypt, which means that even if you have + access to the hash, it is very hard to find the original password + back. Passwords are hashed with bcrypt, which means that even if you + have access to the hash, it is very hard to find the original + password back. However, a flaw in the way this mechanism was + implemented in the exporter toolkit makes it possible with people + who know the hashed password to authenticate against Prometheus. + A request can be forged by an attacker to poison the internal cache + used to cache the computation of hashes and make subsequent requests + successful. This cache is used in both happy and unhappy scenarios + in order to limit side channel attacks that could tell an attacker + if a user is present in the file or not. + </p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2022-46146</cvename> + <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46146</url>; + </references> + <dates> + <discovery>2022-11-28</discovery> + <entry>2023-01-30</entry> + </dates> + </vuln> + <vuln vid="3d0a3eb0-9ca3-11ed-a925-3065ec8fd3ec"> <topic>chromium -- multiple vulnerabilities</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202301301030.30UAUhJL026017>