CVE-2023-26735

7.5 HIGH

📋 TL;DR

CVE-2023-26735 is an access control vulnerability in blackbox_exporter v0.23.0 that allows attackers to probe internal network ports and services through the exporter's probe interface. This can disclose information about internal infrastructure. Organizations running blackbox_exporter v0.23.0 without authentication in front of the probe interface are affected.

💻 Affected Systems

Products:
  • Prometheus blackbox_exporter
Versions: v0.23.0
Operating Systems: All platforms running blackbox_exporter
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability is disputed because authentication can be configured; however, the default configuration may not have authentication enabled.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers map internal network topology, discover sensitive services, and potentially download internal resources, enabling further attacks.

🟠 Likely Case

Information disclosure about internal services and ports, potentially revealing vulnerable systems for targeted attacks.

🟢 If Mitigated

Minimal impact if proper authentication is configured as recommended by the vendor.

🌐 Internet-Facing: MEDIUM - If exposed without authentication, attackers can probe the internal network from the internet.
🏢 Internal Only: LOW - Internal attackers already have network access; this provides additional reconnaissance capability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network access to the blackbox_exporter probe interface; no authentication bypass is needed when authentication has not been configured.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v0.24.0 and later

Vendor Advisory: https://github.com/prometheus/blackbox_exporter/issues/1024

Restart Required: Yes

Instructions:

1. Back up the current configuration.
2. Download blackbox_exporter v0.24.0 or later from GitHub releases.
3. Replace the binary and restart the service.
4. Verify that authentication is properly configured.

🔧 Temporary Workarounds

Enable authentication (platform: all)

Configure TLS and basic authentication for blackbox_exporter as documented:

# Configure basic auth in blackbox_exporter.yml
# See: https://github.com/prometheus/blackbox_exporter#tls-and-basic-authentication

Network segmentation (platform: linux)

Restrict access to the blackbox_exporter probe interface using firewall rules:

# Example iptables rules to restrict access to the exporter's default port (9115).
# Replace trusted_network with the CIDR of the hosts that should scrape the exporter,
# e.g. 10.1.0.0/24 (placeholder value; adapt to your environment).
iptables -A INPUT -p tcp --dport 9115 -s trusted_network -j ACCEPT
iptables -A INPUT -p tcp --dport 9115 -j DROP

🧯 If You Can't Patch

  • Enable authentication with strong credentials immediately
  • Implement network controls to restrict access to blackbox_exporter to trusted sources only

🔍 How to Verify

Check if Vulnerable:

Check whether blackbox_exporter v0.23.0 is running and whether authentication is not configured in blackbox_exporter.yml (the web configuration file referenced by the exporter).

Check Version:

./blackbox_exporter --version

Verify Fix Applied:

Verify that the version is v0.24.0 or later and that authentication is configured and has been tested (an unauthenticated request to the probe interface should be rejected).

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized probe requests from unexpected sources
  • Multiple failed authentication attempts

Network Indicators:

  • Unusual port scanning patterns originating from blackbox_exporter host
  • Probe requests to internal IP ranges from external sources

SIEM Query:

source="blackbox_exporter" AND (event="probe" AND NOT src_ip IN [trusted_ips])
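The SIEM query above can be approximated offline. The following is an added example (not part of this advisory or of the blackbox_exporter project) that runs the same logic over constructed access-log lines from a hypothetical reverse proxy in front of the exporter: it flags probe requests whose source is outside an assumed trusted scraper subnet and marks whether the requested target is an internal address, matching the network indicators listed above.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample log lines (hypothetical proxy format: "<src_ip> <method> <path> <status>").
SAMPLE_LOG = """\
10.1.0.7 GET /probe?module=http_2xx&target=https://example.org 200
203.0.113.9 GET /probe?module=tcp_connect&target=10.0.5.21:22 200
203.0.113.9 GET /probe?module=tcp_connect&target=10.0.5.21:3306 200
10.1.0.7 GET /metrics 200
198.51.100.4 GET /probe?module=http_2xx&target=http://intranet.local 200
"""

# Assumed subnet of the Prometheus servers allowed to scrape the exporter.
TRUSTED_SOURCES = [ipaddress.ip_network("10.1.0.0/24")]

LINE_RE = re.compile(r"^(?P<src>\S+) (?P<method>\S+) (?P<path>\S+) (?P<status>\d+)$")


def is_trusted(src: str) -> bool:
    """True when the request source lies inside an allowed scraper network."""
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparsable source is treated as untrusted
    return any(ip in net for net in TRUSTED_SOURCES)


def target_is_internal(target: str) -> bool:
    """True when the probe target is a private IP or a non-public hostname."""
    if "://" in target:
        host = urlsplit(target).hostname or ""
    else:
        host = target.rsplit(":", 1)[0] if ":" in target else target
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        # Not an IP literal: single-label names and .local names are internal.
        return "." not in host or host.endswith(".local")


def suspicious_probes(log_text: str) -> list[dict]:
    """Return every /probe request from an untrusted source, annotated with its target."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not m["path"].startswith("/probe"):
            continue
        qs = parse_qs(urlsplit(m["path"]).query)
        target = qs.get("target", [""])[0]
        if is_trusted(m["src"]):
            continue
        findings.append({"src": m["src"], "target": target,
                         "module": qs.get("module", [""])[0],
                         "internal_target": target_is_internal(target)})
    return findings
```

Each finding with `internal_target` set is the "probe request to internal IP ranges from external sources" indicator; the remaining findings correspond to the SIEM query alone.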
