{"vulnerability": "CVE-2022-46146", "sightings": [{"uuid": "59a93e2c-be61-4fb4-9e27-9ac54763a277", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46146", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/1619", "content": "#exploit\n1. CVE-2022-3328:\nRace condition in snap-confine's must_mkdir_and_open_with_perms()\nhttps://seclists.org/oss-sec/2022/q4/164\n\n2. CVE-2022-46146:\nAuthentication Bypass in Open-Source Prometheus Project\nhttps://securityonline.info/cve-2022-46146-authentication-bypass-in-open-source-prometheus-project\n\n3. CVE-2022-4116:\nQuarkus Java framework RCE\nhttps://joebeeton.github.io\n]-> https://github.com/JoeBeeton/simple-request-attacks", "creation_timestamp": "2022-12-06T04:04:16.000000Z"}, {"uuid": "6bf9c174-20e3-411b-8c55-5d7f7643ddf0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46146", "type": "seen", "source": "https://t.me/cibsecurity/53643", "content": "\u203c CVE-2022-46146 \u203c\n\nPrometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a Prometheus web.yml file and users' bcrypted passwords, they can bypass security by poisoning the built-in authentication cache. Versions 0.7.2 and 0.8.2 contain a fix for the issue. There is no workaround, but attacker must have access to the hashed password to use this functionality.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-29T16:28:47.000000Z"}, {"uuid": "3ac6d072-ae5f-4ae3-a87a-143d2ab2983f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-46146", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/7281", "content": "#exploit\n1. CVE-2022-3328:\nRace condition in snap-confine's must_mkdir_and_open_with_perms()\nhttps://seclists.org/oss-sec/2022/q4/164\n\n2. CVE-2022-46146:\nAuthentication Bypass in Open-Source Prometheus Project\nhttps://securityonline.info/cve-2022-46146-authentication-bypass-in-open-source-prometheus-project\n\n3. CVE-2022-4116:\nQuarkus Java framework RCE\nhttps://joebeeton.github.io\n]-> https://github.com/JoeBeeton/simple-request-attacks", "creation_timestamp": "2022-12-02T11:01:15.000000Z"}]}