From 8a698222851ce804e558d5c68ddab013e6b627ca Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Tue, 19 Oct 2021 22:26:52 +0530 Subject: [PATCH] Update prometheus-config-endpoint.yaml --- exposures/configs/prometheus-config-endpoint.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/exposures/configs/prometheus-config-endpoint.yaml b/exposures/configs/prometheus-config-endpoint.yaml index b454c38383..bfc9ce9b45 100644 --- a/exposures/configs/prometheus-config-endpoint.yaml +++ b/exposures/configs/prometheus-config-endpoint.yaml @@ -1,9 +1,9 @@ id: prometheus-config-endpoint info: - name: Exposure of sensitive operational information via Prometheus config API endpoint + name: Prometheus config API endpoint author: geeknik - severity: high + severity: info description: The config endpoint returns the loaded Prometheus configuration file. This file also contains addresses of targets and alerting/discovery services alongside the credentials required to access them. Usually, Prometheus replaces the passwords in the credentials config configuration field with the placeholder (although this still leaks the username). reference: https://jfrog.com/blog/dont-let-prometheus-steal-your-fire/ tags: prometheus,exposure
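Review bot: The severity change in the info block (`severity: high` to `severity: info`) now disagrees with the unchanged description, which still says the endpoint returns target addresses, alerting/discovery service addresses and the credentials for them, with only the password replaced by a placeholder, so usernames still leak. Either keep a severity that reflects that disclosure, or reword the description to state what the template actually confirms, so the rating and the text agree. The new name `Prometheus config API endpoint` also drops the exposure wording while the file stays under exposures/configs with the `exposure` tag, and the subject line "Update prometheus-config-endpoint.yaml" gives no reason for the downgrade; a one-line rationale in the commit message would help teams that filter scan results by severity. Minor: the description context line reads "credentials config configuration field", which looks like a duplicated word worth fixing while this block is being edited.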