Prometheus SNMP Exporter: Basic Authentication Bypass

A vulnerability has been found in Prometheus SNMP Exporter which could allow for authentication bypass.

Package: snmp_exporter
Announced: 2024-01-12
Revised: 2024-01-12
Bug: 883649
Access: remote
Unaffected versions: >= 0.24.1
Vulnerable versions: < 0.24.1

The Prometheus SNMP Exporter is the recommended way to expose SNMP data in a format which Prometheus can ingest.

A vulnerability has been discovered in Prometheus SNMP Exporter. Please review the CVE identifier referenced below for details.

A user who knows the password hash of a user capable of performing HTTP basic authentication with a vulnerable exporter can use the hash to successfully authenticate as that user via cache manipulation, without knowing the password from which the hash was derived.

There is no known workaround at this time.

All Prometheus SNMP Exporter users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-metrics/snmp_exporter-0.24.1"
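To confirm which hosts still need the upgrade, the following added example (not part of the original advisory) classifies a version string against the fixed release 0.24.1. The function names and sample strings are constructed for illustration, and the `snmp_exporter, version X.Y.Z (...)` banner format is an assumption about what the binary prints for `--version`; the Portage package atom form is taken from the upgrade command above.

```shell
#!/bin/sh
# Added example: flag snmp_exporter versions older than the fixed release
# named in this advisory. All function names here are hypothetical helpers.
FIXED_VERSION="0.24.1"

# extract_version STRING: print the first dotted numeric version in STRING,
# e.g. from a version banner or a package atom such as
# "app-metrics/snmp_exporter-0.24.1-r1". Prints nothing if none is found.
extract_version() {
    printf '%s\n' "$1" | grep -oE '[0-9]+(\.[0-9]+)+' | head -n 1
}

# version_lt A B: succeed if A < B, comparing dot-separated fields as numbers
# (so 0.9.0 < 0.24.1, which a plain string comparison gets wrong).
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        [ "$a" = "$fa" ] && a= || a=${a#*.}
        [ "$b" = "$fb" ] && b= || b=${b#*.}
        fa=${fa:-0}; fb=${fb:-0}
        [ "$fa" -lt "$fb" ] && return 0
        [ "$fa" -gt "$fb" ] && return 1
    done
    return 1
}

# check_snmp_exporter STRING: print a verdict and return
#   0 = fixed version or newer, 1 = vulnerable, 2 = no version found.
check_snmp_exporter() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then echo "unknown: no version in '$1'"; return 2; fi
    if version_lt "$v" "$FIXED_VERSION"; then
        echo "VULNERABLE: $v < $FIXED_VERSION (CVE-2022-46146)"; return 1
    fi
    echo "ok: $v >= $FIXED_VERSION"; return 0
}

# Constructed sample inputs (not captured from a real host).
for sample in \
    "snmp_exporter, version 0.23.0 (branch: HEAD, revision: example)" \
    "app-metrics/snmp_exporter-0.24.1" \
    "app-metrics/snmp_exporter-0.25.0-r1"; do
    check_snmp_exporter "$sample" || true
done
```

Checking the running binary as well as the installed package catches exporters that were deployed outside Portage or not restarted after the upgrade.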
CVE-2022-46146

ajak graaff