Security researchers from Aqua Security have uncovered widespread exposure of Prometheus monitoring servers and exporters. Their investigation found approximately 296,000 Prometheus Node Exporter instances and 40,300 Prometheus servers reachable from the public internet, many of them answering requests with no authentication at all, which creates a substantial security risk.
Key Vulnerabilities:
1. Information Leakage
– Exposed servers and exporters answering requests without any authentication
– Potential disclosure of sensitive data including credentials, API keys, and authentication tokens
– Access to internal API endpoints, subdomains, and Docker registry information
2. Security Threats
– Denial-of-service (DoS) through the exposed “/debug/pprof” profiling endpoints, which let anyone trigger CPU and memory profiling on the server
– Remote code execution (RCE) risk if a hijacked or malicious exporter is deployed
– Supply chain threats via RepoJacking of exporter repositories on GitHub (an attacker claims an abandoned or renamed account and serves code under the old URL)
3. Critical Findings
– Eight exporters in Prometheus’ official documentation vulnerable to RepoJacking
– Potential for malicious third-party exporters to compromise systems
– Risk of crashing a server by repeatedly triggering CPU- and memory-intensive profiling tasks through the “/debug/pprof” endpoints
Recommended Security Measures:
– Enable authentication (and TLS) on every Prometheus server and exporter endpoint; Prometheus and exporters built on the exporter-toolkit accept a web config file for basic auth and TLS
– Keep servers and exporters off the public internet and restrict access with network controls
– Monitor access to the debug endpoints and alert on unexpected requests to “/debug/pprof”
– Guard against RepoJacking by verifying the ownership of any exporter repository before use and pinning deployments to a specific release or commit
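To turn the findings above into a check an operator can run against their own instances, here is an added example (not Aqua's or the Prometheus project's code). It probes a base URL for a handful of paths chosen to match the exposure classes described above (the list is an assumption, not an exhaustive one) and reports which of them answer 200 to an unauthenticated request. The embedded fake server is a constructed stand-in so the script runs offline; against real targets, only probe instances you are authorized to test.

```python
"""Exposure audit for a Prometheus endpoint: which sensitive or abusable
paths answer without authentication?  Added example, not Aqua's or the
Prometheus project's code; the fake server below is a constructed stand-in."""
import http.server
import threading
import urllib.error
import urllib.request

# Paths worth probing on an internet-facing Prometheus server (assumption:
# chosen to match the exposure classes described above, not an exhaustive list).
SENSITIVE_PATHS = {
    "/api/v1/status/config": "loaded configuration (scrape targets, can embed secrets)",
    "/api/v1/targets": "discovered targets (internal hosts and subdomains)",
    "/api/v1/label/__name__/values": "all metric names (maps internal services)",
    "/debug/pprof/": "Go profiling index (CPU/memory DoS vector)",
}


def probe(base_url, path, timeout=5):
    """Send one unauthenticated GET and return the HTTP status, or None if unreachable."""
    req = urllib.request.Request(base_url.rstrip("/") + path, method="GET")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:  # 401/403/404 still tell us something
        return err.code
    except urllib.error.URLError:
        return None


def audit(base_url):
    """Probe every sensitive path; a 200 without credentials means it is exposed."""
    return {
        path: {"status": probe(base_url, path), "why": why}
        for path, why in SENSITIVE_PATHS.items()
    }


def exposed_paths(base_url):
    """Sorted list of paths that answered 200 to an unauthenticated request."""
    return sorted(p for p, r in audit(base_url).items() if r["status"] == 200)


# --- constructed stand-in for a Prometheus server, so the audit runs offline ---
class _FakePrometheus(http.server.BaseHTTPRequestHandler):
    """Serves the paths above; with require_auth it answers 401 the way a server
    with basic auth configured does (behaviour approximated, not real Prometheus)."""
    require_auth = False

    def do_GET(self):
        if self.require_auth and not self.headers.get("Authorization", "").startswith("Basic "):
            self.send_response(401)
            self.send_header("WWW-Authenticate", 'Basic realm="Prometheus"')
            self.end_headers()
            return
        known = {p.rstrip("/") for p in SENSITIVE_PATHS}
        if self.path.rstrip("/") in known:
            body = b'{"status":"success","data":{}}'
            self.send_response(200)
            self.send_header("Content-Type", "application/json")
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
        else:
            self.send_response(404)
            self.end_headers()

    def log_message(self, *args):  # keep the example's output clean
        pass


def start_fake(require_auth):
    """Start a fake Prometheus on a random loopback port; returns (server, base_url)."""
    handler = type("Handler", (_FakePrometheus,), {"require_auth": require_auth})
    srv = http.server.HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_address[1]}"


if __name__ == "__main__":
    for label, auth in (("open", False), ("basic-auth", True)):
        srv, url = start_fake(auth)
        for path, result in audit(url).items():
            flag = "EXPOSED" if result["status"] == 200 else "ok"
            print(f"[{label}] {str(result['status']):>4} {flag:8} {path}  ({result['why']})")
        srv.shutdown()
        srv.server_close()
```

Against a real instance, call `exposed_paths("http://prometheus.internal:9090")` (hypothetical host) and treat any returned path as a finding. On the hardening side, Prometheus and exporters built on the exporter-toolkit take a `--web.config.file` YAML whose `basic_auth_users` entries hold bcrypt password hashes and whose `tls_server_config` block enables TLS; once that is in place, the probe should see 401s like the fake "basic-auth" server does. Authentication does not replace network restriction: the profiling endpoints still consume CPU and memory for anyone who can reach and log in to them, so keep the listener off public interfaces as well.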
The Prometheus security team addressed the reported issues as of September 2024, but the exposed instances themselves are run by individual organizations, which must remain vigilant in implementing these security measures to protect their infrastructure.