Grafana Metrics Exposure
Grafana metrics are publicly accessible.
- grafana
- metrics
- exposure
Grafana is an open source, metrics dashboard and graph editor for Graphite, Elasticsearch, OpenTSDB, Prometheus and InfluxDB. It allows users to view and monitor visualizations based on metrics stored in these systems.
Impact
Attackers can retrieve various system metrics, application paths and other useful information.
Solution
Ensure that the metrics endpoint is blocked or protected by enforcing authentication.
Was this page helpful?