Description

Prometheus is a monitoring system and time series database

Acunetix determined that it was possible to access Prometheus interface without authentication.

Remediation

Restrict access to Prometheus

References

Security Model

Related Vulnerabilities

Web Cache Poisoning through HTTP/2 pseudo-headers

WordPress Plugin Email Log Information Disclosure (1.9)

WordPress Plugin Clerk Security Bypass (3.8.3)

Piwigo Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-10679)

Oracle E-Business Suite iStore open user registration

Severity

Low

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Information Disclosure