Description

Prometheus is a monitoring system and time series database

Acunetix determined that it was possible to access without authentication a web application's metrics exposed for Prometheus.

Remediation

Restrict access to metrics

References

Security Model

Related Vulnerabilities

Apache Axis2 administration console weak password

Web Application Firewall Detected

WordPress Plugin Slideshow Multiple Cross-Site Scripting and Information Disclosure Vulnerabilities (2.1.12)

WordPress Plugin BuddyPress Information Disclosure (5.1.1)

Broken Link Hijacking

Severity

Low

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Information Disclosure