Aqua Security discovered over 296,000 internet-facing Prometheus exporters and 40,000 servers susceptible to security risks, leaving users vulnerable to potential attacks.
Despite prior warnings, the number of exposed Prometheus instances remains alarmingly high, with Aqua's research demonstrating access to sensitive data like authentication tokens and API keys.
The /debug/pprof endpoint has been identified as a potential vector for denial of service attacks, indicating a significant loophole in security practices surrounding Prometheus.
Experts advocate for urgent mitigation measures for the vulnerabilities associated with Prometheus exporters, highlighting that user negligence contributes significantly to potential security breaches.