diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml index 8175d88e27b47..807eceae52593 100644 --- a/security/vuxml/vuln/2023.xml +++ b/security/vuxml/vuln/2023.xml @@ -1,3 +1,44 @@ + + node_exporter -- bypass security with cache poisoning + + + node_exporter + 1.5.0 + + + + +

Prometheus team reports:

+
+

+ Prometheus and its exporters can be secured by a web.yml file that + specifies usernames and hashed passwords for basic authentication. + Passwords are hashed with bcrypt, which means that even if you have + access to the hash, it is very hard to find the original password + back. Passwords are hashed with bcrypt, which means that even if you + have access to the hash, it is very hard to find the original + password back. However, a flaw in the way this mechanism was + implemented in the exporter toolkit makes it possible with people + who know the hashed password to authenticate against Prometheus. + A request can be forged by an attacker to poison the internal cache + used to cache the computation of hashes and make subsequent requests + successful. This cache is used in both happy and unhappy scenarios + in order to limit side channel attacks that could tell an attacker + if a user is present in the file or not. +

+
+ + + + CVE-2022-46146 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46146 + + + 2021-11-28 + 2023-02-04 + + + Asterisk -- multiple vulnerabilities