id: unauthenticated-alert-manager info: name: Alert Manager - Unauthenticated Access author: dhiyaneshDK severity: high description: Alert Manager was able to be accessed with no authentication requirements in place. metadata: shodan-query: http.title:"Alertmanager" tags: unauth,alertmanager requests: - method: GET path: - "{{BaseURL}}/#/alerts" matchers-condition: and matchers: - type: word words: - 'Alertmanager' - type: status status: - 200 # Enhanced by mp on 2022/07/21