More than 330,000 internet-exposed Prometheus monitoring and alerting toolkit servers and exporters could be subjected to data exfiltration and denial-of-service attacks due to improper authentication and exposed "/debug/pprof" endpoints, respectively, reports The Hacker News.
Aside from disrupting servers through a deluge of requests to "/debug/pprof/heap" and other endpoints, attackers could also exploit Prometheus' "/metrics" endpoint to obtain information about internal API endpoints, Docker registries, subdomains, and images that could be leveraged for reconnaissance, according to an analysis from Aqua Security's Nautilus threat researchers.

Additional findings revealed that eight Prometheus exporters were susceptible to repojacking. "Unsuspecting users following the documentation could unknowingly clone and deploy this malicious exporter, leading to remote code execution on their systems," said the researchers, who urged the immediate implementation of sufficient authentication approaches and limited public access for Prometheus servers and exporters. Organizations were also advised to monitor their endpoints and adopt repojacking mitigations.
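The authentication mitigation the researchers recommend can be applied with the web configuration file that Prometheus and exporter-toolkit based exporters accept via `--web.config.file`; the following is an added illustration, not configuration from the article or from Aqua's report, and the certificate paths, the `prom-scraper` user and the bcrypt hash placeholder are assumptions to replace with your own values.

```yaml
# --- web-config.yml (passed to prometheus or an exporter with --web.config.file) ---
# With this file in place, every HTTP handler, including /metrics and the
# /debug/pprof/* profiling endpoints, sits behind TLS and HTTP basic auth,
# instead of the default of plain HTTP with no authentication at all.
tls_server_config:
  cert_file: /etc/prometheus/tls/server.crt   # assumed path
  key_file: /etc/prometheus/tls/server.key    # assumed path
  min_version: TLS12
  # Optional: require client certificates so only the scraper can connect.
  # client_auth_type: RequireAndVerifyClientCert
  # client_ca_file: /etc/prometheus/tls/ca.crt

basic_auth_users:
  # Generate the hash with: htpasswd -nBC 12 "" | tr -d ':\n'
  prom-scraper: "REPLACE_WITH_BCRYPT_HASH"

# --- prometheus.yml (scrape side, so the server can still reach a protected exporter) ---
scrape_configs:
  - job_name: node
    scheme: https
    tls_config:
      ca_file: /etc/prometheus/tls/ca.crt     # assumed path
    basic_auth:
      username: prom-scraper
      password_file: /etc/prometheus/secrets/prom-scraper.pw   # assumed path
    static_configs:
      - targets: ["node-exporter.internal:9100"]   # constructed target name
```

Pair this with network controls (a firewall rule or reverse proxy that denies the listener to anything but the scraper) so the endpoints are not reachable from the internet in the first place, since basic auth alone still leaves /debug/pprof/heap answering to anyone holding the credential.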