Description

Prometheus is a monitoring system and time series database

Acunetix determined that it was possible to access without authentication a web application's metrics exposed for Prometheus.

Remediation

Restrict access to metrics

References

Security Model

Related Vulnerabilities

WordPress Plugin WP Import Export Information Disclosure (3.9.15)

GraphQL Array-based Query Batching Allowed: Potential Batching Attack Vulnerability

WordPress Plugin Customer Reviews for WooCommerce Multiple Vulnerabilities (5.3.5)

WordPress Plugin Advanced File Manager Information Disclosure (5.2.4)

WordPress Plugin Media Library Assistant Information Disclosure (3.00)

Severity

Low

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Information Disclosure