H3-2022-0032
Unauthenticated Access to Prometheus Alertmanager
Category | SECURITY_MISCONFIGURATION |
Base Score | 5.3 |
Description
The Prometheus Alertmanager application requires no authentication.
Impact
An unauthenticated attacker can access potentially sensitive alert data, access any stored secrets, and perform server-side request forgert (SSRF) attacks to leak additional sensitive data.