Grafana Metrics Exposure

Grafana is an open source, metrics dashboard and graph editor for Graphite, Elasticsearch, OpenTSDB, Prometheus and InfluxDB. It allows users to view and monitor visualizations based on metrics stored in these systems.

Impact

Attackers can retrieve various system metrics, application paths and other useful information.

Solution

Ensure that the metrics endpoint is blocked or protected by enforcing authentication.