Decrypt LOL


Over 300,000 Prometheus Instances Found Vulnerable Online

1 min read

🌀 Thousands of Prometheus servers vulnerable to cyberattacks. Cybersecurity researchers have identified significant risks associated with approximately 296,000 publicly accessible Prometheus Node Exporter instances and 40,300 Prometheus servers, which lack proper authentication. These vulnerabilities could lead to information leakage, denial-of-service (DoS) attacks, and remote code execution (RCE) exploits, as attackers can easily access sensitive data like credentials and API keys. The “/debug/pprof” endpoint poses a particular threat, allowing adversaries to overwhelm servers with resource-intensive requests. Additionally, a supply chain risk involving repojacking techniques could enable attackers to introduce malicious exporters. The Prometheus security team has addressed these issues, and organizations are urged to implement robust authentication, limit exposure, and monitor for unusual activity to mitigate risks.
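The closing advice, monitoring for unusual activity, is concrete enough to show in code. The following added example (not from Decrypt or the Prometheus project) assumes Prometheus sits behind a reverse proxy that writes combined-format access logs; the log lines are constructed for this example. It parses the log, flags requests to the "/debug/pprof" endpoints that were actually served, separates those a 401/403 blocked, records reads of the status/config API (whose output can embed scrape credentials), and reports clients that hit pprof in a burst, since repeated profile requests are the resource-exhaustion pattern the article describes.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: combined-format access log from a reverse proxy in front
# of Prometheus. These lines are made up for this example, not taken from the article.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Dec/2024:12:00:01 +0000] "GET /metrics HTTP/1.1" 200 51234 "-" "Prometheus/2.53.0"
203.0.113.9 - - [10/Dec/2024:12:00:02 +0000] "GET /api/v1/status/config HTTP/1.1" 200 8123 "-" "curl/8.4.0"
203.0.113.9 - - [10/Dec/2024:12:00:03 +0000] "GET /debug/pprof/heap HTTP/1.1" 200 204800 "-" "curl/8.4.0"
203.0.113.9 - - [10/Dec/2024:12:00:04 +0000] "GET /debug/pprof/profile?seconds=30 HTTP/1.1" 200 1048576 "-" "curl/8.4.0"
203.0.113.9 - - [10/Dec/2024:12:00:05 +0000] "GET /debug/pprof/profile?seconds=30 HTTP/1.1" 200 1048576 "-" "curl/8.4.0"
203.0.113.9 - - [10/Dec/2024:12:00:06 +0000] "GET /debug/pprof/profile?seconds=30 HTTP/1.1" 200 1048576 "-" "curl/8.4.0"
198.51.100.7 - alice [10/Dec/2024:12:00:07 +0000] "GET /debug/pprof/goroutine HTTP/1.1" 401 0 "-" "curl/8.4.0"
10.0.0.5 - - [10/Dec/2024:12:00:15 +0000] "GET /metrics HTTP/1.1" 200 51234 "-" "Prometheus/2.53.0"
"""

# Combined log format: client, ident, user, [timestamp], "request", status, size, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

PPROF_PREFIX = "/debug/pprof"
# The config API returns the loaded configuration, which may carry scrape credentials.
SENSITIVE_PREFIXES = ("/api/v1/status/config",)


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["status"] = int(entry["status"])
    entry["ts"] = datetime.strptime(entry["ts"], "%d/%b/%Y:%H:%M:%S %z")
    entry["path"] = entry["path"].split("?", 1)[0]  # drop the query string for matching
    return entry


def analyze(log_text, burst_threshold=3, window_seconds=60):
    """Return a report of pprof and config-API activity found in the log text.

    served_pprof:  (ip, path) pairs where a /debug/pprof request got a 200
    blocked_pprof: (ip, path) pairs the proxy rejected with 401/403
    config_reads:  (ip, path) pairs where the config API was served
    pprof_bursts:  ip -> peak number of served pprof requests inside one window
    """
    report = {"served_pprof": [], "blocked_pprof": [], "config_reads": [], "pprof_bursts": {}}
    pprof_times = defaultdict(list)

    for raw in log_text.splitlines():
        e = parse_line(raw)
        if e is None:
            continue  # unparseable line; a real pipeline would count these separately
        ip, path, status = e["ip"], e["path"], e["status"]
        if path.startswith(PPROF_PREFIX):
            if status == 200:
                report["served_pprof"].append((ip, path))
                pprof_times[ip].append(e["ts"])
            elif status in (401, 403):
                report["blocked_pprof"].append((ip, path))
        elif path.startswith(SENSITIVE_PREFIXES) and status == 200:
            report["config_reads"].append((ip, path))

    # Sliding window: the largest number of served pprof requests from one client
    # that fall within window_seconds of each other.
    for ip, times in pprof_times.items():
        times.sort()
        peak = 0
        for i, start in enumerate(times):
            in_window = sum(1 for t in times[i:] if (t - start).total_seconds() <= window_seconds)
            peak = max(peak, in_window)
        if peak >= burst_threshold:
            report["pprof_bursts"][ip] = peak
    return report


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Any entry in served_pprof is worth a look on a server that is supposed to be behind authentication: a 200 means the proxy let the request through. The burst threshold and window are tunable; the defaults here are chosen for the constructed sample, not taken from any published guidance.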
