Unrestricted access to Prometheus

Description

Prometheus is a monitoring system and time series database

Acunetix determined that it was possible to access Prometheus interface without authentication.

Remediation

Restrict access to Prometheus

References

Security Model

Related Vulnerabilities

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-5730)

WordPress 4.5.x Multiple Vulnerabilities (4.5 - 4.5.29)

WordPress Plugin WP Mobile Edition Arbitrary File Disclosure (2.2.7)

PHP X Prober publicly accessible

Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-21336)

Severity

Low

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Description

Remediation

References

Related Vulnerabilities

Severity

Classification

Tags

Take action and discover your vulnerabilities