Create prometheus-flags-endpoint.yaml

2021-10-18 13:36:27 -05:00 · 2021-10-18 13:36:27 -05:00 · a8a063d14c
parent b9392d5a3e
commit a8a063d14c
1 changed files with 24 additions and 0 deletions
--- a/exposures/configs/prometheus-flags-endpoint.yaml
+++ b/exposures/configs/prometheus-flags-endpoint.yaml
@ -0,0 +1,24 @@
+id: prometheus-flags-endpoint
+
+info:
+  name: Exposure of sensitive operational information via Prometheus flags API endpoint
+  author: geeknik
+  description: The flags endpoint provides a full path to the configuration file. If the file is stored in the home directory, it may leak a username.
+  reference: https://jfrog.com/blog/dont-let-prometheus-steal-your-fire/
+  severity: medium
+  tags: prometheus,exposure
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/api/v1/status/config"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+        words:
+          - '"data":'
+          - '"config.file":'
+        condition: and