Update prometheus-config-endpoint.yaml

patch-1
Prince Chaddha 2021-10-19 22:26:52 +05:30 committed by GitHub
parent 8d36ebe1d6
commit 8a69822285
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions

@ -1,9 +1,9 @@
id: prometheus-config-endpoint
info:
name: Exposure of sensitive operational information via Prometheus config API endpoint
name: Prometheus config API endpoint
author: geeknik
severity: high
severity: info
description: The config endpoint returns the loaded Prometheus configuration file. This file also contains addresses of targets and alerting/discovery services alongside the credentials required to access them. Usually, Prometheus replaces the passwords in the credentials config configuration field with the placeholder <secret> (although this still leaks the username).
reference: https://jfrog.com/blog/dont-let-prometheus-steal-your-fire/
tags: prometheus,exposure
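Review bot: The severity downgrade from high to info in the info block is not reflected in the description, which still states that the config endpoint returns target addresses, alerting/discovery service addresses and credentials, and that the username leaks even when the password is replaced with <secret>. Either update the description to say why this is now informational (if the intent is that the template only detects that the endpoint is reachable, say so) or keep a severity that matches the stated impact; the commit message "Update prometheus-config-endpoint.yaml" gives no rationale. The shortened name also drops the "Exposure of sensitive operational information" wording, so an info-level "Prometheus config API endpoint" finding gives a triager no cue to review the returned configuration for usernames and internal addresses.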