Description

Prometheus is a monitoring system and time series database

Acunetix determined that it was possible to access Prometheus interface without authentication.

Remediation

Restrict access to Prometheus

References

Security Model

Related Vulnerabilities

WordPress 3.5.1 Multiple Vulnerabilities (2.0 - 3.5.1)

GraphQL Field Suggestions Enabled

Struts 2 development mode

Ruby on Rails weak/known secret token

Typo3 Install Tool publicly accessible

Severity

Low

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Information Disclosure