Description

Prometheus is a monitoring system and time series database

Acunetix determined that it was possible to access without authentication a web application's metrics exposed for Prometheus.

Remediation

Restrict access to metrics

References

Security Model

Related Vulnerabilities

SSL Certificate Is About To Expire

WordPress Plugin Cherry Team Members Information Disclosure (1.4.1)

phpMyFAQ Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-6048)

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-4898)

WordPress Plugin Store Locator Plus for WordPress Multiple Vulnerabilities (3.0.1)

Severity

Low

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Information Disclosure