daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update prometheus-flags-endpoint.yaml

patch-1
Prince Chaddha 2021-10-19 22:26:31 +05:30 committed by GitHub
parent 2893847959
commit 1d70ac6ccb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
exposures/configs/prometheus-flags-endpoint.yaml
View File

@ -1,9 +1,9 @@
id: prometheus-flags-endpoint id: prometheus-flags-endpoint
info: info:
name: Exposure of sensitive operational information via Prometheus flags API endpoint name: Prometheus flags API endpoint
author: geeknik author: geeknik
severity: medium severity: info
description: The flags endpoint provides a full path to the configuration file. If the file is stored in the home directory, it may leak a username. description: The flags endpoint provides a full path to the configuration file. If the file is stored in the home directory, it may leak a username.
reference: https://jfrog.com/blog/dont-let-prometheus-steal-your-fire/ reference: https://jfrog.com/blog/dont-let-prometheus-steal-your-fire/
tags: prometheus,exposure tags: prometheus,exposure