id: prometheus-config info: name: Prometheus Config API Endpoint Discovery author: geeknik severity: info description: A Prometheus config API endpoint was discovered. The config endpoint returns the loaded Prometheus configuration file along with the addresses of targets and alerting/discovery services alongside the credentials required to access them. Usually, Prometheus replaces the passwords in the credentials config configuration field with the placeholder (although this still leaks the username). reference: - https://jfrog.com/blog/dont-let-prometheus-steal-your-fire/ tags: prometheus,config,misconfig metadata: max-request: 1 http: - method: GET path: - "{{BaseURL}}/api/v1/status/config" matchers-condition: and matchers: - type: status status: - 200 - type: word words: - '"status": "success":' - '"data":' - '"yaml":' condition: and - type: word part: header words: - 'application/json'