daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update prometheus-config-endpoint.yaml

patch-1
Prince Chaddha 2021-10-19 20:32:48 +05:30 committed by GitHub
parent 7016e71473
commit 8d36ebe1d6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
exposures/configs/prometheus-config-endpoint.yaml
View File

@ -3,9 +3,9 @@ id: prometheus-config-endpoint
info:
name: Exposure of sensitive operational information via Prometheus config API endpoint
author: geeknik
severity: high
description: The config endpoint returns the loaded Prometheus configuration file. This file also contains addresses of targets and alerting/discovery services alongside the credentials required to access them. Usually, Prometheus replaces the passwords in the credentials config configuration field with the placeholder <secret> (although this still leaks the username).
reference: https://jfrog.com/blog/dont-let-prometheus-steal-your-fire/
severity: high
tags: prometheus,exposure
requests: