CyberSecurity news
@www.aquasec.com
Researchers at Aqua Security have identified a large-scale security exposure in deployments of the Prometheus monitoring system: more than 300,000 Prometheus servers and exporters are reachable from the internet without any authentication in front of them. Because an unauthenticated instance answers anyone who can reach it, attackers can read what it scrapes and serves, including credentials, passwords and API keys that end up in scrape targets, labels and metric values. Organizations that depend on Prometheus for monitoring are thereby at risk of data breaches and unauthorized access to the systems it observes.
Attackers can abuse the exposed "/debug/pprof" endpoint, which Prometheus mounts for Go runtime profiling, to launch Denial-of-Service (DoS) attacks: profiling requests are expensive, and enough of them cause system instability or a complete outage. Furthermore, the "/metrics" endpoint can reveal internal API endpoints, subdomains and Docker registry details, enabling reconnaissance and further network compromise. The researchers also found eight Prometheus exporters vulnerable to 'repojacking', in which an attacker re-registers a deleted or renamed GitHub user or organization name so that the old repository path resolves to attacker-controlled code, potentially leading to remote code execution on hosts that fetch the exporter. Organizations are strongly urged to put authentication in front of Prometheus and its exporters, restrict public access to them, monitor the "/debug/pprof" and "/metrics" endpoints for unexpected requests, and apply repojacking mitigations such as verifying the origin of any exporter pulled from GitHub before using it.
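The exposure check and the authentication mitigation described above, as an added example that is not part of the original article or of Prometheus's own code: a Go program (Prometheus's own language) that stands up an in-process stand-in for an exposed Prometheus, probes "/metrics" and "/debug/pprof/" without credentials, scans the metrics body for the kind of internal host names and credentials the researchers describe, and then repeats the probe against the same handlers behind a basic-auth wrapper. The metrics body, host names and the "token=abc123" value are constructed for the example; the basic-auth wrapper illustrates the effect of Prometheus's web.yml basic_auth_users setting rather than reproducing its implementation.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"net/http/pprof"
	"regexp"
	"strings"
	"unicode"
)

// sampleMetrics is a constructed /metrics body in Prometheus exposition format,
// shaped like the leaks the research describes: internal API hosts, a private
// Docker registry, and a credential carried in a label value.
const sampleMetrics = `# HELP http_requests_total Total HTTP requests
# TYPE http_requests_total counter
http_requests_total{handler="/api/v1/query",instance="prom-internal.corp.example:9090",job="prometheus"} 1027
image_pulls_total{registry="registry.internal.example:5000",repo="payments/api"} 42
up{job="billing",instance="billing-api.svc.cluster.local:8080",version="2.45.0"} 1
probe_success{target="https://staging-api.example.com/health?token=abc123"} 1
`

// Finding records the result of one unauthenticated probe.
type Finding struct {
	Path   string
	Status int
	Detail string
}

var (
	// labelValue pulls label values out of a sample line (escaped quotes not handled).
	labelValue = regexp.MustCompile(`[A-Za-z_][A-Za-z0-9_]*="([^"]*)"`)
	// hostLike matches dotted host names, optionally with a port.
	hostLike = regexp.MustCompile(`[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+(?::\d+)?`)
	// secretLike matches key=value fragments whose key names a credential.
	secretLike = regexp.MustCompile(`(?i)(?:password|passwd|token|api[_-]?key|secret)=[^&"\s]+`)
)

// ScanMetrics returns the distinct host names and the credential-like fragments
// found in label values of an exposition-format body. Purely numeric dotted
// values such as version numbers are skipped.
func ScanMetrics(body string) (hosts, secrets []string) {
	seen := map[string]bool{}
	for _, line := range strings.Split(body, "\n") {
		if strings.HasPrefix(line, "#") {
			continue
		}
		for _, m := range labelValue.FindAllStringSubmatch(line, -1) {
			v := m[1]
			if s := secretLike.FindString(v); s != "" {
				secrets = append(secrets, s)
			}
			for _, h := range hostLike.FindAllString(v, -1) {
				if strings.IndexFunc(h, unicode.IsLetter) < 0 || seen[h] {
					continue
				}
				seen[h] = true
				hosts = append(hosts, h)
			}
		}
	}
	return hosts, secrets
}

// Probe requests the two endpoints the research singles out, with no credentials.
// It fetches only the pprof index, never /debug/pprof/profile or /heap: issuing
// those is the expensive work the research warns about, and a 200 on the index
// already shows the surface is reachable.
func Probe(client *http.Client, base string) []Finding {
	var out []Finding
	for _, p := range []string{"/metrics", "/debug/pprof/"} {
		resp, err := client.Get(base + p)
		if err != nil {
			out = append(out, Finding{Path: p, Detail: err.Error()})
			continue
		}
		body, _ := io.ReadAll(resp.Body)
		resp.Body.Close()
		f := Finding{Path: p, Status: resp.StatusCode}
		switch {
		case resp.StatusCode != http.StatusOK:
			f.Detail = "not reachable without credentials"
		case p == "/metrics":
			hosts, secrets := ScanMetrics(string(body))
			f.Detail = fmt.Sprintf("open: %d internal hosts, %d credential-like values", len(hosts), len(secrets))
		default:
			f.Detail = "open: profiling endpoint reachable (DoS surface)"
		}
		out = append(out, f)
	}
	return out
}

// newMux mirrors the shape of an exposed Prometheus process: /metrics plus the
// real Go pprof index handler that Prometheus mounts at /debug/pprof/.
func newMux() *http.ServeMux {
	mux := http.NewServeMux()
	mux.HandleFunc("/metrics", func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Content-Type", "text/plain; version=0.0.4")
		io.WriteString(w, sampleMetrics)
	})
	mux.HandleFunc("/debug/pprof/", pprof.Index)
	return mux
}

// requireBasicAuth is a stand-in (assumption) for Prometheus's web.yml
// basic_auth_users, which stores bcrypt hashes; it shows the effect only.
func requireBasicAuth(user, pass string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		u, p, ok := r.BasicAuth()
		if !ok || subtle.ConstantTimeCompare([]byte(u), []byte(user)) != 1 ||
			subtle.ConstantTimeCompare([]byte(p), []byte(pass)) != 1 {
			w.Header().Set("WWW-Authenticate", `Basic realm="prometheus"`)
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	exposed := httptest.NewServer(newMux())
	defer exposed.Close()
	hardened := httptest.NewServer(requireBasicAuth("prom", "s3cret", newMux()))
	defer hardened.Close()
	for _, f := range Probe(exposed.Client(), exposed.URL) {
		fmt.Printf("exposed   %-14s %d %s\n", f.Path, f.Status, f.Detail)
	}
	for _, f := range Probe(hardened.Client(), hardened.URL) {
		fmt.Printf("hardened  %-14s %d %s\n", f.Path, f.Status, f.Detail)
	}
}
```

Pointing Probe at a real host instead of the httptest server is the audit a team would run over its own Prometheus and exporter inventory; the host and credential regexes are deliberately loose, so review the matches rather than treating every hit as a leak. In production the authentication goes in Prometheus's web configuration file (passed with --web.config.file), with bcrypt-hashed passwords and TLS, not in an ad-hoc wrapper like the one above.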
References:
- cyberpress.org: 300,000+ Prometheus Servers Exposed to RepoJacking DoS Flaw
- The Hacker News: Over 300K Prometheus Instances Exposed: Credentials and API Keys Leaking Online
- Security Risk Advisors: Over 300,000 Prometheus Servers Exposed to Information Disclosure and DoS Attacks
- www.scworld.com: DoS attacks, data compromise threaten over 330K Prometheus instances
- gbhackers.com: Over 300,000 Prometheus Servers Vulnerable to DoS Attacks Due to RepoJacking Exploit
- sra.io: Over 300,000 Prometheus Servers Exposed to Information Disclosure and DoS Attacks
- www.aquasec.com: Over 300,000 Prometheus Servers Exposed to Information Disclosure and DoS Attacks
- indieweb.social: Over 300K Prometheus Instances Exposed: Credentials and API Keys Leaking Online
- securityonline.info: 336,000 Prometheus Servers at Risk: Urgent Security Alert
- The Register - Security: Are your Prometheus servers and exporters secure? Probably not
Classification:
- HashTags: #Prometheus #DoS #Vulnerability
- Company: Prometheus
- Target: Prometheus servers and exporters
- Product: Prometheus
- Feature: Unauthenticated /metrics and /debug/pprof endpoints; exporter repojacking
- Type: Vulnerability
- Severity: Major