2024-12-26 12:14:11 Pacfic
Prometheus Servers Exposed to DoS and RCE - 12d
A significant security flaw has been identified in the Prometheus monitoring system, potentially exposing over 300,000 servers and exporters to various cyberattacks. These vulnerabilities, stemming from a lack of proper authentication, enable malicious actors to access sensitive information such as credentials, passwords, and API keys. This lapse in security poses a severe threat, putting organizations that depend on Prometheus for monitoring at risk of data breaches and unauthorized access to their systems.
Attackers can exploit the exposed "/debug/pprof" endpoint, designed for performance profiling, to launch Denial-of-Service (DoS) attacks, causing system instability or complete outages. Furthermore, the "/metrics" endpoint can reveal internal API endpoints, subdomains, and Docker registry details, enabling reconnaissance and further network compromise. Researchers have also found eight Prometheus exporters vulnerable to 'repojacking,' where attackers can introduce malicious code by leveraging the names of deleted or renamed GitHub repositories, potentially leading to remote code execution. Organizations are strongly urged to implement authentication, restrict public access, monitor vulnerable endpoints, and apply repojacking mitigations to mitigate these threats.
ImgSrc: www.aquasec.com
References:
- Cyber Security News - 300,000+ Prometheus Servers Exposed to RepoJacking DoS Flaw - 13d
- The Hacker News - Over 300K Prometheus Instances Exposed: Credentials and API Keys Leaking Online - 13d
- Security Risk Advisors - Over 300,000 Prometheus Servers Exposed to Information Disclosure and DoS Attacks - 12d
- SCM feed for Threat Management - DoS attacks, data compromise threaten over 330K Prometheus instances - 12d
- GBHackers Security - Over 300,000 Prometheus Servers Vulnerable to DoS Attacks Due to RepoJacking Exploit - 12d
- sra.io - Over 300,000 Prometheus Servers Exposed to Information Disclosure and DoS Attacks - 11d
- www.aquasec.com - Over 300,000 Prometheus Servers Exposed to Information Disclosure and DoS Attacks - 11d
- @jbz - 🔥 Over 300K Prometheus Instances Exposed: Credentials and API Keys Leaking Online - 11d
- Vulnerability Archives - 336,000 Prometheus Servers at Risk: Urgent Security Alert - 10d
- The Register - Are your Prometheus servers and exporters secure? Probably not - 10d
Classification:
- HashTags: Prometheus DoS Vulnerability
- Company: Prometheus
- Target: Prometheus Servers
- Product: Prometheus
- Feature: RepoJacking DoS Flaw
- Type: Vulnerability
- Severity: Major