Moderate severityNVD Advisory· Published Nov 29, 2022· Updated Aug 3, 2024
Prometheus Exporter Toolkit vulnerable to basic authentication bypass
CVE-2022-46146
Description
Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a Prometheus web.yml file and users' bcrypted passwords, they can bypass security by poisoning the built-in authentication cache. Versions 0.7.2 and 0.8.2 contain a fix for the issue. There is no workaround, but attacker must have access to the hashed password to use this functionality.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CVE-2022-46146 allows attackers who possess the bcrypt password hash to poison the authentication cache in Prometheus Exporter Toolkit, bypassing basic authentication.
CVE-2022-46146 is a vulnerability in the Prometheus Exporter Toolkit, a Go library that provides basic authentication for Prometheus exporters. To reduce the performance overhead of bcrypt password verification, the toolkit implements a cache keyed by a predictable string: hex(username + hashed password + input password) [1][4]. If an attacker obtains the bcrypt password hash from the web.yml file, they can craft requests that populate the cache with entries for arbitrary passwords, effectively bypassing authentication [4].
Exploitation requires prior access to the bcrypt hash of a valid user's password, which might be obtained through file disclosure or other means. Once the attacker has the hash, they can send HTTP requests with crafted credentials to poison the cache [2]. The cache caches both successful and failed attempts, so by pre-computing a cache entry for a known password guess, the attacker causes subsequent authentication to succeed without needing to compute the bcrypt match [4][3].
Successful exploitation allows an attacker to bypass basic authentication entirely and gain unauthorized access to the exporter's HTTP endpoints [1]. Depending on the exporter's functionality, this could lead to disclosure of Prometheus metrics or other sensitive data.
Mitigation
Versions 0.7.2 and 0.8.2 of the Exporter Toolkit fix the issue by changing the cache key to include a random value, making poisoning infeasible [1]. No workarounds exist; users must upgrade to the patched versions [4].
References
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/prometheus/exporter-toolkitGo | < 0.7.2 | 0.7.2 |
github.com/prometheus/exporter-toolkitGo | >= 0.8.0, < 0.8.2 | 0.8.2 |
Affected products
203- osv-coords202 versionspkg:apk/chainguard/kube-state-metrics-2.6pkg:apk/chainguard/prometheus-2.38pkg:apk/chainguard/prometheus-2.38-bitnami-compatpkg:apk/chainguard/prometheus-postgres-exporter-0.10pkg:apk/chainguard/prometheus-pushgateway-1.4pkg:apk/chainguard/prometheus-pushgateway-1.4-bitnami-compatpkg:apk/chainguard/prometheus-pushgateway-fips-1.4pkg:golang/github.com/prometheus/exporter-toolkitpkg:rpm/opensuse/bind&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/dracut-saltboot&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/dracut-saltboot&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/golang-github-lusitaniae-apache_exporter&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/golang-github-lusitaniae-apache_exporter&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/golang-github-prometheus-alertmanager&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/golang-github-prometheus-node_exporter&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/golang-github-prometheus-prometheus&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/golang-github-prometheus-prometheus&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/golang-github-prometheus-promu&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/golang-github-QubitProducts-exporter_exporter&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/golang-github-QubitProducts-exporter_exporter&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/grafana&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/prometheus-blackbox_exporter&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/prometheus-blackbox_exporter&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/prometheus-ha_cluster_exporter&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/prometheus-postgres_exporter&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/prometheus-postgres_exporter&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/spacecmd&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/spacecmd&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/supportutils-plugin-salt&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/supportutils-plugin-susemanager-client&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/supportutils-plugin-susemanager-client&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/wire&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/wire&distro=openSUSE%20Leap%2015.5pkg:rpm/suse/ansible&distro=SUSE%20Manager%20Client%20Tools%2015-BETApkg:rpm/suse/bind&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/bind&distro=SUSE%20Manager%20Client%20Tools%20for%20SLE%20Micro%205pkg:rpm/suse/dracut-saltboot&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/dracut-saltboot&distro=SUSE%20Manager%20Client%20Tools%2015-BETApkg:rpm/suse/dracut-saltboot&distro=SUSE%20Manager%20Client%20Tools%20Beta%20for%20SLE%20Micro%205pkg:rpm/suse/dracut-saltboot&distro=SUSE%20Manager%20Client%20Tools%20for%20SLE%20Micro%205pkg:rpm/suse/golang-github-boynux-squid_exporter&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/golang-github-boynux-squid_exporter&distro=SUSE%20Manager%20Client%20Tools%2015-BETApkg:rpm/suse/golang-github-lusitaniae-apache_exporter&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/golang-github-lusitaniae-apache_exporter&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/golang-github-lusitaniae-apache_exporter&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/golang-github-lusitaniae-apache_exporter&distro=SUSE%20Manager%20Client%20Tools%2015-BETApkg:rpm/suse/golang-github-lusitaniae-apache_exporter&distro=SUSE%20Manager%20Client%20Tools%20for%20RHEL,%20Liberty%20and%20Clones%209-CLIENT-TOOLSpkg:rpm/suse/golang-github-lusitaniae-apache_exporter&distro=SUSE%20Manager%20Proxy%20Module%204.2pkg:rpm/suse/golang-github-lusitaniae-apache_exporter&distro=SUSE%20Manager%20Proxy%20Module%204.3pkg:rpm/suse/golang-github-lusitaniae-apache_exporter&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/golang-github-lusitaniae-apache_exporter&distro=SUSE%20Manager%20Server%20Module%204.3pkg:rpm/suse/golang-github-lusitaniae-apache_exporter&distro=SUSE:EL-9:Update:Products:ManagerTools:Updatepkg:rpm/suse/golang-github-prometheus-alertmanager&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/golang-github-prometheus-alertmanager&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/golang-github-prometheus-alertmanager&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/golang-github-prometheus-alertmanager&distro=SUSE%20Manager%20Proxy%20Module%204.2pkg:rpm/suse/golang-github-prometheus-alertmanager&distro=SUSE%20Manager%20Proxy%20Module%204.3pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOSpkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP3pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-ESPOSpkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSSpkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Manager%20Client%20Tools%20for%20RHEL,%20Liberty%20and%20Clones%209-CLIENT-TOOLSpkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Manager%20Client%20Tools%20for%20SLE%20Micro%205pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Manager%20Proxy%204.2pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Manager%20Server%204.2pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE:EL-9:Update:Products:ManagerTools:Updatepkg:rpm/suse/golang-github-prometheus-prometheus&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5pkg:rpm/suse/golang-github-prometheus-prometheus&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/golang-github-prometheus-prometheus&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/golang-github-prometheus-prometheus&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/golang-github-prometheus-prometheus&distro=SUSE%20Manager%20Client%20Tools%2015-BETApkg:rpm/suse/golang-github-prometheus-prometheus&distro=SUSE%20Manager%20Proxy%20Module%204.2pkg:rpm/suse/golang-github-prometheus-prometheus&distro=SUSE%20Manager%20Proxy%20Module%204.3pkg:rpm/suse/golang-github-prometheus-promu&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/golang-github-prometheus-promu&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/golang-github-QubitProducts-exporter_exporter&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/golang-github-QubitProducts-exporter_exporter&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/golang-github-QubitProducts-exporter_exporter&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/golang-github-QubitProducts-exporter_exporter&distro=SUSE%20Manager%20Client%20Tools%2015-BETApkg:rpm/suse/golang-github-QubitProducts-exporter_exporter&distro=SUSE%20Manager%20Client%20Tools%20Beta%20for%20SLE%20Micro%205pkg:rpm/suse/golang-github-QubitProducts-exporter_exporter&distro=SUSE%20Manager%20Client%20Tools%20for%20RHEL,%20Liberty%20and%20Clones%209-CLIENT-TOOLSpkg:rpm/suse/golang-github-QubitProducts-exporter_exporter&distro=SUSE%20Manager%20Client%20Tools%20for%20SLE%20Micro%205pkg:rpm/suse/golang-github-QubitProducts-exporter_exporter&distro=SUSE%20Manager%20Proxy%20Module%204.2pkg:rpm/suse/golang-github-QubitProducts-exporter_exporter&distro=SUSE%20Manager%20Proxy%20Module%204.3pkg:rpm/suse/golang-github-QubitProducts-exporter_exporter&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/golang-github-QubitProducts-exporter_exporter&distro=SUSE%20Manager%20Server%20Module%204.3pkg:rpm/suse/golang-github-QubitProducts-exporter_exporter&distro=SUSE:EL-9:Update:Products:ManagerTools:Updatepkg:rpm/suse/golang-packaging&distro=SUSE:EL-9:Update:Products:ManagerTools:Updatepkg:rpm/suse/grafana&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP4pkg:rpm/suse/grafana&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/grafana&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/grafana&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/grafana&distro=SUSE%20Manager%20Client%20Tools%2015-BETApkg:rpm/suse/kiwi-desc-saltboot&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/mgr-daemon&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/mgr-daemon&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/mgr-push&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/mgr-push&distro=SUSE%20Manager%20Client%20Tools%2015-BETApkg:rpm/suse/prometheus-blackbox_exporter&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/prometheus-blackbox_exporter&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/prometheus-blackbox_exporter&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/prometheus-blackbox_exporter&distro=SUSE%20Manager%20Client%20Tools%2015-BETApkg:rpm/suse/prometheus-blackbox_exporter&distro=SUSE%20Manager%20Client%20Tools%20Beta%20for%20SLE%20Micro%205pkg:rpm/suse/prometheus-blackbox_exporter&distro=SUSE%20Manager%20Client%20Tools%20for%20SLE%20Micro%205pkg:rpm/suse/prometheus-blackbox_exporter&distro=SUSE%20Manager%20Proxy%20Module%204.2pkg:rpm/suse/prometheus-blackbox_exporter&distro=SUSE%20Manager%20Proxy%20Module%204.3pkg:rpm/suse/prometheus-ha_cluster_exporter&distro=SUSE%20Linux%20Enterprise%20Module%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/prometheus-ha_cluster_exporter&distro=SUSE%20Linux%20Enterprise%20Module%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/prometheus-ha_cluster_exporter&distro=SUSE%20Linux%20Enterprise%20Module%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/prometheus-ha_cluster_exporter&distro=SUSE%20Linux%20Enterprise%20Module%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/prometheus-ha_cluster_exporter&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/prometheus-ha_cluster_exporter&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/prometheus-postgres_exporter&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/prometheus-postgres_exporter&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/prometheus-postgres_exporter&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/prometheus-postgres_exporter&distro=SUSE%20Manager%20Client%20Tools%2015-BETApkg:rpm/suse/prometheus-postgres_exporter&distro=SUSE%20Manager%20Client%20Tools%20for%20RHEL,%20Liberty%20and%20Clones%209-CLIENT-TOOLSpkg:rpm/suse/prometheus-postgres_exporter&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/prometheus-postgres_exporter&distro=SUSE:EL-9:Update:Products:ManagerTools:Updatepkg:rpm/suse/python-hwdata&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/python-hwdata&distro=SUSE%20Manager%20Client%20Tools%2015-BETApkg:rpm/suse/python-pyvmomi&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/python-pyvmomi&distro=SUSE%20Manager%20Client%20Tools%2015-BETApkg:rpm/suse/release-notes-susemanager&distro=SUSE%20Manager%20Server%204.2pkg:rpm/suse/release-notes-susemanager&distro=SUSE%20Manager%20Server%204.3pkg:rpm/suse/release-notes-susemanager-proxy&distro=SUSE%20Manager%20Proxy%204.2pkg:rpm/suse/release-notes-susemanager-proxy&distro=SUSE%20Manager%20Proxy%204.3pkg:rpm/suse/rhnlib&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/rhnlib&distro=SUSE%20Manager%20Client%20Tools%2015-BETApkg:rpm/suse/scap-security-guide&distro=SUSE%20Manager%20Client%20Tools%20for%20RHEL,%20Liberty%20and%20Clones%209-CLIENT-TOOLSpkg:rpm/suse/scap-security-guide&distro=SUSE:EL-9:Update:Products:ManagerTools:Updatepkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Client%20Tools%2015-BETApkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Client%20Tools%20for%20RHEL,%20Liberty%20and%20Clones%209-CLIENT-TOOLSpkg:rpm/suse/spacecmd&distro=SUSE:EL-9:Update:Products:ManagerTools:Updatepkg:rpm/suse/spacewalk-client-tools&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/spacewalk-client-tools&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/spacewalk-client-tools&distro=SUSE%20Manager%20Client%20Tools%2015-BETApkg:rpm/suse/supportutils-plugin-salt&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/supportutils-plugin-salt&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/supportutils-plugin-salt&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/supportutils-plugin-salt&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/supportutils-plugin-salt&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOSpkg:rpm/suse/supportutils-plugin-salt&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/supportutils-plugin-salt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4pkg:rpm/suse/supportutils-plugin-salt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP3pkg:rpm/suse/supportutils-plugin-salt&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/supportutils-plugin-salt&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/supportutils-plugin-salt&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/supportutils-plugin-salt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/supportutils-plugin-salt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/supportutils-plugin-salt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/supportutils-plugin-salt&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/supportutils-plugin-salt&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/supportutils-plugin-salt&distro=SUSE%20Manager%20Client%20Tools%2015-BETApkg:rpm/suse/supportutils-plugin-salt&distro=SUSE%20Manager%20Proxy%204.2pkg:rpm/suse/supportutils-plugin-salt&distro=SUSE%20Manager%20Server%204.2pkg:rpm/suse/supportutils-plugin-susemanager-client&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/supportutils-plugin-susemanager-client&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/supportutils-plugin-susemanager-client&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/supportutils-plugin-susemanager-client&distro=SUSE%20Manager%20Client%20Tools%2015-BETApkg:rpm/suse/system-user-grafana&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/system-user-prometheus&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/uyuni-common-libs&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/uyuni-common-libs&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/uyuni-common-libs&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/uyuni-common-libs&distro=SUSE%20Manager%20Client%20Tools%2015-BETApkg:rpm/suse/uyuni-proxy-systemd-services&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/uyuni-proxy-systemd-services&distro=SUSE%20Manager%20Client%20Tools%2015-BETApkg:rpm/suse/uyuni-proxy-systemd-services&distro=SUSE%20Manager%20Client%20Tools%20Beta%20for%20SLE%20Micro%205pkg:rpm/suse/uyuni-proxy-systemd-services&distro=SUSE%20Manager%20Client%20Tools%20for%20SLE%20Micro%205pkg:rpm/suse/zypp-plugin-spacewalk&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/zypp-plugin-spacewalk&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/zypp-plugin-spacewalk&distro=SUSE%20Manager%20Proxy%20Module%204.2pkg:rpm/suse/zypp-plugin-spacewalk&distro=SUSE%20Manager%20Proxy%20Module%204.3
< 2.6.0-r1+ 201 more
- (no CPE)range: < 2.6.0-r1
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 1.4.3-r1
- (no CPE)range: < 1.4.3-r1
- (no CPE)range: < 1.4.3-r4
- (no CPE)range: < 0.7.2
- (no CPE)range: < 9.16.6-150000.12.65.1
- (no CPE)range: < 0.1.1674034019.a93ff61-150000.1.47.1
- (no CPE)range: < 0.1.1681904360.84ef141-150000.1.50.1
- (no CPE)range: < 1.0.0-150000.1.17.2
- (no CPE)range: < 1.0.0-150000.1.17.2
- (no CPE)range: < 0.23.0-150100.4.13.2
- (no CPE)range: < 1.5.0-150100.3.23.2
- (no CPE)range: < 2.32.1-150100.4.12.1
- (no CPE)range: < 2.37.6-150100.4.17.1
- (no CPE)range: < 0.14.0-150000.3.12.2
- (no CPE)range: < 0.4.0-150000.1.18.3
- (no CPE)range: < 0.4.0-150000.1.18.3
- (no CPE)range: < 8.5.20-150200.3.35.1
- (no CPE)range: < 0.19.0-150000.1.17.2
- (no CPE)range: < 0.24.0-150000.1.23.3
- (no CPE)range: < 1.3.1+git.1676027782.ad3c0e9-150200.3.21.1
- (no CPE)range: < 0.10.1-150000.1.11.4
- (no CPE)range: < 0.10.1-150000.1.14.3
- (no CPE)range: < 4.3.19-150000.3.95.1
- (no CPE)range: < 4.3.21-150000.3.98.1
- (no CPE)range: < 1.2.2-150000.3.13.1
- (no CPE)range: < 4.3.3-150000.3.21.2
- (no CPE)range: < 4.3.3-150000.3.21.2
- (no CPE)range: < 0.5.0-150000.1.12.3
- (no CPE)range: < 0.5.0-150000.1.12.3
- (no CPE)range: < 2.9.27-159000.3.9.1
- (no CPE)range: < 9.16.6-150000.12.65.1
- (no CPE)range: < 9.16.6-150000.12.65.1
- (no CPE)range: < 9.16.6-150000.12.65.1
- (no CPE)range: < 9.16.6-150000.12.65.1
- (no CPE)range: < 9.16.6-150000.12.65.1
- (no CPE)range: < 9.16.6-150000.12.65.1
- (no CPE)range: < 9.16.6-150000.12.65.1
- (no CPE)range: < 9.16.6-150000.12.65.1
- (no CPE)range: < 0.1.1674034019.a93ff61-150000.1.47.1
- (no CPE)range: < 0.1.1681904360.84ef141-159000.3.30.1
- (no CPE)range: < 0.1.1681904360.84ef141-159000.3.30.1
- (no CPE)range: < 0.1.1674034019.a93ff61-150000.1.47.1
- (no CPE)range: < 1.6-4.9.2
- (no CPE)range: < 1.6-159000.4.9.1
- (no CPE)range: < 1.0.0-1.18.2
- (no CPE)range: < 1.0.0-4.12.4
- (no CPE)range: < 1.0.0-150000.1.17.2
- (no CPE)range: < 1.0.0-159000.4.12.1
- (no CPE)range: < 1.0.0-1.8.1
- (no CPE)range: < 1.0.0-150000.1.17.2
- (no CPE)range: < 1.0.0-150000.1.17.2
- (no CPE)range: < 1.0.0-150000.1.17.2
- (no CPE)range: < 1.0.0-150000.1.17.2
- (no CPE)range: < 1.0.0-1.8.1
- (no CPE)range: < 0.23.0-1.18.3
- (no CPE)range: < 0.26.0-4.12.4
- (no CPE)range: < 0.23.0-150100.4.13.2
- (no CPE)range: < 0.23.0-150100.4.13.2
- (no CPE)range: < 0.23.0-150100.4.13.2
- (no CPE)range: < 1.5.0-150100.3.23.2
- (no CPE)range: < 1.5.0-150100.3.23.2
- (no CPE)range: < 1.5.0-150100.3.23.2
- (no CPE)range: < 1.5.0-150100.3.23.2
- (no CPE)range: < 1.5.0-150100.3.23.2
- (no CPE)range: < 1.5.0-150100.3.23.2
- (no CPE)range: < 1.5.0-150100.3.23.2
- (no CPE)range: < 1.5.0-150100.3.23.2
- (no CPE)range: < 1.5.0-1.24.4
- (no CPE)range: < 1.5.0-1.24.4
- (no CPE)range: < 1.5.0-1.24.4
- (no CPE)range: < 1.5.0-150100.3.23.2
- (no CPE)range: < 1.5.0-150100.3.23.2
- (no CPE)range: < 1.5.0-150100.3.23.2
- (no CPE)range: < 1.5.0-1.24.4
- (no CPE)range: < 1.5.0-1.24.4
- (no CPE)range: < 1.5.0-150100.3.23.2
- (no CPE)range: < 1.5.0-150100.3.23.2
- (no CPE)range: < 1.5.0-150100.3.23.2
- (no CPE)range: < 1.5.0-1.24.4
- (no CPE)range: < 1.5.0-4.15.4
- (no CPE)range: < 1.5.0-1.6.1
- (no CPE)range: < 1.5.0-150100.3.23.2
- (no CPE)range: < 1.5.0-150100.3.23.2
- (no CPE)range: < 1.5.0-150100.3.23.2
- (no CPE)range: < 1.5.0-1.24.4
- (no CPE)range: < 1.5.0-1.24.4
- (no CPE)range: < 1.5.0-1.6.1
- (no CPE)range: < 2.37.6-150100.4.17.1
- (no CPE)range: < 2.32.1-1.41.1
- (no CPE)range: < 2.45.0-4.33.3
- (no CPE)range: < 2.37.6-150000.3.47.2
- (no CPE)range: < 2.45.0-159000.6.33.1
- (no CPE)range: < 2.32.1-150100.4.12.1
- (no CPE)range: < 2.32.1-150100.4.12.1
- (no CPE)range: < 0.14.0-1.12.1
- (no CPE)range: < 0.14.0-4.12.2
- (no CPE)range: < 0.4.0-1.12.2
- (no CPE)range: < 0.4.0-4.6.2
- (no CPE)range: < 0.4.0-150000.1.18.3
- (no CPE)range: < 0.4.0-159000.4.6.1
- (no CPE)range: < 0.4.0-159000.4.6.1
- (no CPE)range: < 0.4.0-1.6.1
- (no CPE)range: < 0.4.0-150000.1.18.3
- (no CPE)range: < 0.4.0-150000.1.18.3
- (no CPE)range: < 0.4.0-150000.1.18.3
- (no CPE)range: < 0.4.0-150000.1.18.3
- (no CPE)range: < 0.4.0-150000.1.18.3
- (no CPE)range: < 0.4.0-1.6.1
- (no CPE)range: < 15.0.16-1.3.2
- (no CPE)range: < 8.5.20-150200.3.35.1
- (no CPE)range: < 8.5.20-1.42.1
- (no CPE)range: < 9.5.8-4.21.2
- (no CPE)range: < 8.5.20-150000.1.42.1
- (no CPE)range: < 9.5.8-159000.4.24.1
- (no CPE)range: < 0.1.1687520761.cefb248-4.15.2
- (no CPE)range: < 4.3.7-1.41.1
- (no CPE)range: < 4.3.7-150000.1.41.1
- (no CPE)range: < 5.0.1-4.21.4
- (no CPE)range: < 5.0.1-159000.4.21.1
- (no CPE)range: < 0.19.0-1.17.1
- (no CPE)range: < 0.24.0-3.6.3
- (no CPE)range: < 0.19.0-150000.1.17.2
- (no CPE)range: < 0.24.0-159000.3.6.1
- (no CPE)range: < 0.24.0-159000.3.6.1
- (no CPE)range: < 0.19.0-150000.1.17.2
- (no CPE)range: < 0.19.0-150000.1.17.2
- (no CPE)range: < 0.19.0-150000.1.17.2
- (no CPE)range: < 1.3.1+git.1676027782.ad3c0e9-150000.1.24.1
- (no CPE)range: < 1.3.1+git.1676027782.ad3c0e9-150200.3.21.1
- (no CPE)range: < 1.3.1+git.1676027782.ad3c0e9-150200.3.21.1
- (no CPE)range: < 1.3.1+git.1676027782.ad3c0e9-150200.3.21.1
- (no CPE)range: < 1.3.1+git.1676027782.ad3c0e9-4.26.1
- (no CPE)range: < 1.3.1+git.1676027782.ad3c0e9-4.26.1
- (no CPE)range: < 0.10.1-1.11.5
- (no CPE)range: < 0.10.1-3.6.4
- (no CPE)range: < 0.10.1-150000.1.11.4
- (no CPE)range: < 0.10.1-159000.3.6.1
- (no CPE)range: < 0.10.1-1.6.2
- (no CPE)range: < 0.10.1-150000.1.11.4
- (no CPE)range: < 0.10.1-1.6.2
- (no CPE)range: < 2.3.5-15.12.2
- (no CPE)range: < 2.3.5-159000.5.13.1
- (no CPE)range: < 6.7.3-150000.1.6.2
- (no CPE)range: < 6.7.3-159000.3.6.1
- (no CPE)range: < 4.2.13-150300.3.81.1
- (no CPE)range: < 4.3.6-150400.3.63.2
- (no CPE)range: < 4.2.13-150300.3.64.2
- (no CPE)range: < 4.3.6-150400.3.55.4
- (no CPE)range: < 5.0.1-24.30.3
- (no CPE)range: < 5.0.1-159000.6.30.1
- (no CPE)range: < 0.1.69-1.12.2
- (no CPE)range: < 0.1.69-1.12.2
- (no CPE)range: < 4.3.19-38.118.1
- (no CPE)range: < 5.0.1-41.42.3
- (no CPE)range: < 4.3.19-150000.3.95.1
- (no CPE)range: < 5.0.1-159000.6.42.1
- (no CPE)range: < 4.3.23-1.18.2
- (no CPE)range: < 4.3.23-1.18.2
- (no CPE)range: < 4.3.15-52.86.1
- (no CPE)range: < 4.3.15-150000.3.77.1
- (no CPE)range: < 5.0.1-159000.6.48.1
- (no CPE)range: < 1.2.2-150000.3.13.1
- (no CPE)range: < 1.2.2-150000.3.13.1
- (no CPE)range: < 1.2.2-150000.3.13.1
- (no CPE)range: < 1.2.2-150000.3.13.1
- (no CPE)range: < 1.2.2-150000.3.13.1
- (no CPE)range: < 1.2.2-150000.3.13.1
- (no CPE)range: < 1.2.2-150000.3.13.1
- (no CPE)range: < 1.2.2-150000.3.13.1
- (no CPE)range: < 1.2.2-150000.3.13.1
- (no CPE)range: < 1.2.2-150000.3.13.1
- (no CPE)range: < 1.2.2-150000.3.13.1
- (no CPE)range: < 1.2.2-150000.3.13.1
- (no CPE)range: < 1.2.2-150000.3.13.1
- (no CPE)range: < 1.2.2-150000.3.13.1
- (no CPE)range: < 1.2.2-9.9.2
- (no CPE)range: < 1.2.2-150000.3.13.1
- (no CPE)range: < 1.2.2-159000.5.9.1
- (no CPE)range: < 1.2.2-150000.3.13.1
- (no CPE)range: < 1.2.2-150000.3.13.1
- (no CPE)range: < 4.3.3-6.27.2
- (no CPE)range: < 5.0.1-9.15.2
- (no CPE)range: < 4.3.3-150000.3.21.2
- (no CPE)range: < 5.0.1-159000.6.15.1
- (no CPE)range: < 1.0.0-3.7.2
- (no CPE)range: < 1.0.0-3.7.2
- (no CPE)range: < 4.3.8-1.33.1
- (no CPE)range: < 5.0.1-3.33.3
- (no CPE)range: < 4.3.8-150000.1.33.1
- (no CPE)range: < 5.0.1-159000.3.33.1
- (no CPE)range: < 4.3.8-150000.1.12.1
- (no CPE)range: < 5.0.1-159000.3.9.1
- (no CPE)range: < 5.0.1-159000.3.9.1
- (no CPE)range: < 4.3.8-150000.1.12.1
- (no CPE)range: < 1.0.14-30.42.1
- (no CPE)range: < 1.0.14-150000.3.35.1
- (no CPE)range: < 1.0.14-150000.3.35.1
- (no CPE)range: < 1.0.14-150000.3.35.1
- prometheus/exporter-toolkitv5Range: < 0.7.2
Patches
25b1eab34484dMerge pull request from GHSA-7rg2-cxvp-9p7p
2 files changed · +56 −2
web/handler.go+8 −2 modified@@ -19,6 +19,7 @@ import ( "encoding/hex" "fmt" "net/http" + "strings" "sync" "github.com/go-kit/log" @@ -113,7 +114,12 @@ func (u *webHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { hashedPassword = "$2y$10$QOauhQNbBCuQDKes6eFzPeMqBSjb7Mr5DUmpZ/VcEd00UAV/LDeSi" } - cacheKey := hex.EncodeToString(append(append([]byte(user), []byte(hashedPassword)...), []byte(pass)...)) + cacheKey := strings.Join( + []string{ + hex.EncodeToString([]byte(user)), + hex.EncodeToString([]byte(hashedPassword)), + hex.EncodeToString([]byte(pass)), + }, ":") authOk, ok := u.cache.get(cacheKey) if !ok { @@ -122,7 +128,7 @@ func (u *webHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { err := bcrypt.CompareHashAndPassword([]byte(hashedPassword), []byte(pass)) u.bcryptMtx.Unlock() - authOk = err == nil + authOk = validUser && err == nil u.cache.set(cacheKey, authOk) }
web/handler_test.go+48 −0 modified@@ -137,6 +137,54 @@ func TestBasicAuthWithFakepassword(t *testing.T) { login() } +// TestByPassBasicAuthVuln tests for CVE-2022-46146. +func TestByPassBasicAuthVuln(t *testing.T) { + server := &http.Server{ + Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.Write([]byte("Hello World!")) + }), + } + + done := make(chan struct{}) + t.Cleanup(func() { + if err := server.Shutdown(context.Background()); err != nil { + t.Fatal(err) + } + <-done + }) + + go func() { + flags := FlagConfig{ + WebListenAddresses: &([]string{port}), + WebSystemdSocket: OfBool(false), + WebConfigFile: OfString("testdata/web_config_users_noTLS.good.yml"), + } + ListenAndServe(server, &flags, testlogger) + close(done) + }() + + login := func(username, password string) { + client := &http.Client{} + req, err := http.NewRequest("GET", "http://localhost"+port, nil) + if err != nil { + t.Fatal(err) + } + req.SetBasicAuth(username, password) + r, err := client.Do(req) + if err != nil { + t.Fatal(err) + } + if r.StatusCode != 401 { + t.Fatalf("bad return code, expected %d, got %d", 401, r.StatusCode) + } + } + + // Poison the cache. + login("alice$2y$12$1DpfPeqF9HzHJt.EWswy1exHluGfbhnn3yXhR7Xes6m3WJqFg0Wby", "fakepassword") + // Login with a wrong password. + login("alice", "$2y$10$QOauhQNbBCuQDKes6eFzPeMqBSjb7Mr5DUmpZ/VcEd00UAV/LDeSifakepassword") +} + // TestHTTPHeaders validates that HTTP headers are added correctly. func TestHTTPHeaders(t *testing.T) { server := &http.Server{
25288779bc59Merge pull request from GHSA-7rg2-cxvp-9p7p
2 files changed · +56 −2
web/handler.go+8 −2 modified@@ -19,6 +19,7 @@ import ( "encoding/hex" "fmt" "net/http" + "strings" "sync" "github.com/go-kit/log" @@ -113,7 +114,12 @@ func (u *webHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { hashedPassword = "$2y$10$QOauhQNbBCuQDKes6eFzPeMqBSjb7Mr5DUmpZ/VcEd00UAV/LDeSi" } - cacheKey := hex.EncodeToString(append(append([]byte(user), []byte(hashedPassword)...), []byte(pass)...)) + cacheKey := strings.Join( + []string{ + hex.EncodeToString([]byte(user)), + hex.EncodeToString([]byte(hashedPassword)), + hex.EncodeToString([]byte(pass)), + }, ":") authOk, ok := u.cache.get(cacheKey) if !ok { @@ -122,7 +128,7 @@ func (u *webHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { err := bcrypt.CompareHashAndPassword([]byte(hashedPassword), []byte(pass)) u.bcryptMtx.Unlock() - authOk = err == nil + authOk = validUser && err == nil u.cache.set(cacheKey, authOk) }
web/handler_test.go+48 −0 modified@@ -129,6 +129,54 @@ func TestBasicAuthWithFakepassword(t *testing.T) { login() } +// TestByPassBasicAuthVuln tests for CVE-2022-46146. +func TestByPassBasicAuthVuln(t *testing.T) { + server := &http.Server{ + Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.Write([]byte("Hello World!")) + }), + } + + done := make(chan struct{}) + t.Cleanup(func() { + if err := server.Shutdown(context.Background()); err != nil { + t.Fatal(err) + } + <-done + }) + + go func() { + flags := FlagConfig{ + WebListenAddresses: &([]string{port}), + WebSystemdSocket: OfBool(false), + WebConfigFile: OfString("testdata/web_config_users_noTLS.good.yml"), + } + ListenAndServe(server, &flags, testlogger) + close(done) + }() + + login := func(username, password string) { + client := &http.Client{} + req, err := http.NewRequest("GET", "http://localhost"+port, nil) + if err != nil { + t.Fatal(err) + } + req.SetBasicAuth(username, password) + r, err := client.Do(req) + if err != nil { + t.Fatal(err) + } + if r.StatusCode != 401 { + t.Fatalf("bad return code, expected %d, got %d", 401, r.StatusCode) + } + } + + // Poison the cache. + login("alice$2y$12$1DpfPeqF9HzHJt.EWswy1exHluGfbhnn3yXhR7Xes6m3WJqFg0Wby", "fakepassword") + // Login with a wrong password. + login("alice", "$2y$10$QOauhQNbBCuQDKes6eFzPeMqBSjb7Mr5DUmpZ/VcEd00UAV/LDeSifakepassword") +} + // TestHTTPHeaders validates that HTTP headers are added correctly. func TestHTTPHeaders(t *testing.T) { server := &http.Server{
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
18- github.com/advisories/GHSA-7rg2-cxvp-9p7pghsaADVISORY
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JRSHISR64L6QGSMDFZDNPHHIXSCAKK26/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UH24VXIB25OGHF4VGY4PLZMTGTI3BHCA/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ULVDTAI76VATRAHTKCE2SUJ4NC3PQZ6Y/mitrevendor-advisory
- nvd.nist.gov/vuln/detail/CVE-2022-46146ghsaADVISORY
- security.gentoo.org/glsa/202401-15ghsavendor-advisoryWEB
- www.openwall.com/lists/oss-security/2022/11/29/1ghsamailing-listWEB
- www.openwall.com/lists/oss-security/2022/11/29/2ghsamailing-listWEB
- www.openwall.com/lists/oss-security/2022/11/29/4ghsamailing-listWEB
- github.com/prometheus/exporter-toolkit/commit/25288779bc59d00c41b4a1706c6b87f0561ef2d7ghsaWEB
- github.com/prometheus/exporter-toolkit/commit/5b1eab34484ddd353986bce736cd119d863e4ff5ghsaWEB
- github.com/prometheus/exporter-toolkit/security/advisories/GHSA-7rg2-cxvp-9p7pghsaWEB
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JRSHISR64L6QGSMDFZDNPHHIXSCAKK26ghsaWEB
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UH24VXIB25OGHF4VGY4PLZMTGTI3BHCAghsaWEB
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ULVDTAI76VATRAHTKCE2SUJ4NC3PQZ6YghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JRSHISR64L6QGSMDFZDNPHHIXSCAKK26ghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UH24VXIB25OGHF4VGY4PLZMTGTI3BHCAghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULVDTAI76VATRAHTKCE2SUJ4NC3PQZ6YghsaWEB
News mentions
0No linked articles in our index yet.