Update prometheus-flags-endpoint.yaml
parent
eac799774d
commit
10c2314367
|
@ -3,9 +3,9 @@ id: prometheus-flags-endpoint
|
||||||
info:
|
info:
|
||||||
name: Exposure of sensitive operational information via Prometheus flags API endpoint
|
name: Exposure of sensitive operational information via Prometheus flags API endpoint
|
||||||
author: geeknik
|
author: geeknik
|
||||||
|
severity: medium
|
||||||
description: The flags endpoint provides a full path to the configuration file. If the file is stored in the home directory, it may leak a username.
|
description: The flags endpoint provides a full path to the configuration file. If the file is stored in the home directory, it may leak a username.
|
||||||
reference: https://jfrog.com/blog/dont-let-prometheus-steal-your-fire/
|
reference: https://jfrog.com/blog/dont-let-prometheus-steal-your-fire/
|
||||||
severity: medium
|
|
||||||
tags: prometheus,exposure
|
tags: prometheus,exposure
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -23,6 +23,11 @@ requests:
|
||||||
- '"config.file":'
|
- '"config.file":'
|
||||||
condition: and
|
condition: and
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
part: header
|
||||||
|
words:
|
||||||
|
- 'application/json'
|
||||||
|
|
||||||
extractors:
|
extractors:
|
||||||
- type: regex
|
- type: regex
|
||||||
name: web_admin_enabled
|
name: web_admin_enabled
|
||||||
|
|
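Review bot: The new `part: header` word matcher for `application/json` only tightens detection if the request block sets `matchers-condition: and`, and that key is not visible in this hunk (the matchers list begins above line 23). Nuclei combines matchers with OR by default, so without it any JSON response from the probed path would match on the Content-Type header alone and produce false positives. The existing `condition: and` applies only to the words inside the body matcher, not across matchers. Please confirm the block carries `matchers-condition: and`, and consider a short comment such as `# require JSON content-type in addition to the body words` above the new matcher.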