Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Prometheus flags API endpoint

By kannthu

Informative
Vidoc logoVidoc Module
#prometheus#leak
Description

Prometheus Flags API Endpoint

The Prometheus Flags API Endpoint module is designed to detect misconfigurations in Prometheus, a monitoring and alerting toolkit. This module has an informative severity level.

Impact

This module detects a potential information leakage vulnerability in Prometheus. By querying the "/api/v1/status/flags" endpoint, it checks for specific response conditions that indicate the presence of sensitive data or misconfigurations.

How the module works?

The module sends a GET request to the "/api/v1/status/flags" endpoint of the target Prometheus instance. It then applies a set of matching conditions to the response to determine if any vulnerabilities or misconfigurations are present.

The matching conditions include:

- Checking if the response status code is 200 - Verifying the presence of specific words in the response body, such as "data" and "config.file" - Ensuring that the response header contains the "application/json" content type

If all the matching conditions are met, the module reports a potential information leakage vulnerability in Prometheus.

It is important to note that this module is designed to provide informative results and does not actively exploit any vulnerabilities.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/api/v1/status/flags
Matching conditions
status: 200and
word: "data":, "config.file":and
word: application/json
Passive global matcher
No matching conditions.
On match action
Report vulnerability