Description
Prometheus is a monitoring system and time series database
Acunetix determined that it was possible to access without authentication a web application's metrics exposed for Prometheus.
Remediation
Restrict access to metrics
References
Related Vulnerabilities
WordPress Plugin DZS Video Gallery Information Disclosure (3.1.3)
WordPress Plugin wptf-image-gallery Arbitrary File Download (1.0.3)
WordPress Plugin Download Zip Attachments Arbitrary File Download (1.0.0)
WordPress Plugin wp-FileManager Arbitrary File Disclosure (1.3.0)
TYPO3 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-5104)