As many as 296,000 Prometheus Node Exporter instances and 40,300 Prometheus servers have been estimated to be publicly accessible over the internet, making them a huge attack surface that could put data and services at risk.
The fact that sensitive information, such as credentials, passwords, authentication tokens, and API keys, could be leaked through internet-exposed Prometheus servers has been documented previously by JFrog in 2021 and Sysdig in 2022.
“Unauthenticated Prometheus servers enable direct querying of internal data, potentially exposing secrets that attackers can exploit to gain an initial foothold in various organizations,” the researchers said.
Leave a reply