Update prometheus-flags-endpoint.yaml

patch-1
Prince Chaddha 2021-10-19 20:32:37 +05:30 committed by GitHub
parent eac799774d
commit 10c2314367
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 1 deletions


@ -3,9 +3,9 @@ id: prometheus-flags-endpoint
info:
name: Exposure of sensitive operational information via Prometheus flags API endpoint
author: geeknik
severity: medium
description: The flags endpoint provides a full path to the configuration file. If the file is stored in the home directory, it may leak a username.
reference: https://jfrog.com/blog/dont-let-prometheus-steal-your-fire/
severity: medium
tags: prometheus,exposure
requests:
@ -23,6 +23,11 @@ requests:
- '"config.file":'
condition: and
- type: word
part: header
words:
- 'application/json'
extractors:
- type: regex
name: web_admin_enabled