id: unauthenticated-alert-manager

info:
  name: Alert Manager - Unauthenticated Access
  author: dhiyaneshDK
  severity: high
  description: Alert Manager was able to be accessed with no authentication requirements in place.
  metadata:
    max-request: 1
    shodan-query: http.title:"Alertmanager"
  tags: unauth,alertmanager,misconfig

http:
  - method: GET
    path:
      - "{{BaseURL}}/#/alerts"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - '<title>Alertmanager</title>'

      - type: status
        status:
          - 200

# digest: 4b0a00483046022100dab26c880087c30cdab09df15c9162594c0236086943481a0651b06114fa4d3e022100c434ec5e6f764b02bf0e37e4ebb1e9d78ce89706c9ace105a4dae85a21e8b125:922c64590222798bb761d5b6d8e72950