
Detect Exposed Prometheus Panel

By kannthu

Medium
Vidoc Module
#prometheus #exposure
Description

What is the "Detect Exposed Prometheus Panel" module?

The "Detect Exposed Prometheus Panel" module is designed to identify instances of the Prometheus Time Series Collection and Processing Server that are exposed to the public internet without proper authentication or authorization. Prometheus is an open-source systems monitoring and alerting tool commonly used in cloud-native environments. This module focuses on detecting misconfigurations that could pose a security risk.

This module has a medium severity level, indicating that the identified misconfigurations could potentially lead to unauthorized access and compromise the security of the Prometheus panel.

Impact

Exposing the Prometheus panel to the public internet without any form of authentication or authorization can allow unauthorized individuals to access and manipulate the monitoring and alerting system. This can lead to unauthorized data access, tampering with metrics, and potential disruption of the monitoring infrastructure.

How does the module work?

The "Detect Exposed Prometheus Panel" module works by sending HTTP requests to the target web servers and analyzing the responses for specific patterns. It looks for the presence of the phrase "Prometheus Time Series Collection and Processing Server" in the response body, indicating the presence of a Prometheus panel.

Here is an example of an HTTP request sent by the module:

GET /graph

The module then applies matching conditions to determine if the response matches the expected pattern. In this case, the module checks if the response body contains the exact phrase "Prometheus Time Series Collection and Processing Server". If a match is found, the module reports the vulnerability.

It's important to note that this module only focuses on detecting the exposure of the Prometheus panel and does not perform any actions beyond reporting the vulnerability.
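The check described above, written as an added standalone script (not Vidoc's own code): it sends GET /graph, applies the same passive substring match, and additionally distinguishes a panel that answers 401/403 (some authentication is enforced in front of it) from one that serves the page openly. The base URL is supplied by the operator; the sample responses in the test are constructed.

```python
"""Reproduce the "Detect Exposed Prometheus Panel" check against hosts you own."""
import sys
import urllib.error
import urllib.request

# Exact phrase the module's passive global matcher looks for in the response body.
SIGNATURE = "Prometheus Time Series Collection and Processing Server"


def classify(status: int, body: str) -> str:
    """Classify a response to GET /graph.

    'exposed'   - HTTP 200 and the signature phrase is in the body (what the module reports)
    'protected' - HTTP 401/403, i.e. something in front of the panel is enforcing auth
    'no-match'  - anything else (not Prometheus, redirect, or a different page)
    """
    if status in (401, 403):
        return "protected"
    if status == 200 and SIGNATURE in body:
        return "exposed"
    return "no-match"


def check(base_url: str, timeout: float = 5.0) -> str:
    """Send the module's single request (GET /graph) to base_url and classify the reply."""
    req = urllib.request.Request(
        base_url.rstrip("/") + "/graph",
        headers={"User-Agent": "prometheus-exposure-check"},  # hypothetical UA string
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify(resp.status, resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:
        # 401/403 arrive here as exceptions; classify them by status code alone.
        return classify(err.code, "")


if __name__ == "__main__":
    for url in sys.argv[1:]:
        print(url, check(url))
```

A 'protected' result still means the /graph endpoint is reachable from wherever the script ran; restricting network exposure is the fix the Impact section implies, authentication alone only narrows who can act on it.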

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /graph
Matching conditions
No matching conditions.
Passive global matcher
word: Prometheus Time Series Collection and Pr...
On match action
Report vulnerability