Description

Prometheus is a monitoring system and time series database

Acunetix determined that it was possible to access Prometheus interface without authentication.

Remediation

Restrict access to Prometheus

References

Security Model

Related Vulnerabilities

WordPress Plugin Metform Elementor Contact Form Builder-Flexible and Design-Friendly Contact Form builder for WordPress Information Disclosure (2.1.3)

WordPress Plugin Shopping Cart & eCommerce Store Information Disclosure (2.0.5)

WordPress Plugin Media Library Assistant Information Disclosure (3.00)

WordPress plugin Slider Revolution arbitrary file disclosure

PrestaShop Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-5682)

Severity

Low

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Information Disclosure