Product

Prometheus

2 briefs RSS

Prometheus Azure AD Remote Write OAuth Client Secret Exposure

The client_secret field in Prometheus' Azure AD remote write OAuth configuration was exposed in plaintext via the `/-/config` HTTP API endpoint, due to being incorrectly typed as a string, potentially allowing unauthorized access to sensitive credentials.

prometheus/prometheus credential-access configuration-exposure cloud

2r 1t 1c May 6, 2026

high threat

Multiple Vulnerabilities in Prometheus Allow for DoS, Information Disclosure, and XSS

2 rules 2 TTPs

Multiple vulnerabilities in Prometheus could allow an attacker to perform a Denial of Service attack, disclose sensitive information, or execute Cross-Site Scripting attacks.

Prometheus vulnerability denial-of-service information-disclosure cross-site-scripting

2r 2t May 5, 2026