I Found 10 Critical Vulnerabilities in My Grafana Setup (video description)
Your Grafana monitoring stack passed "docker compose up" -- but did it pass a security audit?

⚠️ EDUCATIONAL CONTENT: All testing performed against my own isolated homelab. Do not test against systems you don't own or aren't authorized to test.

We ran a full vulnerability assessment against a Grafana/Prometheus/cAdvisor/Blackbox monitoring stack deployed the way most people deploy it: default configs, no TLS, no hardening. We found 10 confirmed vulnerabilities and demonstrated 20 exploitation paths -- all from a jump box with nothing but curl.

What we found:
- Prometheus API wide open: 1,096 metrics, full container inventory, kernel version -- zero auth
- cAdvisor leaking host hardware, disk UUIDs, and every running container
- Blackbox Exporter as an SSRF proxy: cross-VLAN service discovery through port 9115
- OAuth secrets in plaintext across .env, container env, AND docker inspect
- Disabled users keeping full access via session cookies -- then creating persistent backdoors
- Admin passwords brute-forced in 5 guesses with zero rate limiting
- All traffic in cleartext HTTP -- credentials decoded from base64 in one command

Every vulnerability gets two steps: PROVE IT (demonstrate it exists) and BREAK IT (show what an attacker does with it). No theory. No slides. Just terminals and curl.

Compliance frameworks violated: NIST 800-53, SOC 2, CIS Controls v8, PCI-DSS v4.0, CIS Docker Benchmark, OWASP ASVS.

Part 2 (hardening) coming soon -- 6 phases, every vuln gets fixed and verified.

WALKTHROUGH BLOG with all 98 commands: https://oobskulden.com/2026/02/15-vulnerab...
CHAPTERS:
00:00 Intro
00:54 Initial Check
02:52 VULN-01: Grafana Default Credentials
04:38 BRK-01: Grafana Default Credentials
05:58 VULN-02: Prometheus Unauthenticated -- PROVE IT
08:49 BRK-02: Prometheus Unauthenticated -- BREAK IT
10:43 VULN-03: cAdvisor Exposed -- PROVE IT
12:16 BRK-03: cAdvisor Exposed -- BREAK IT
14:24 VULN-04: Blackbox SSRF -- PROVE IT
16:14 BRK-04: Blackbox SSRF -- BREAK IT
18:55 VULN-05: OAuth Secret Exposure -- PROVE IT
22:14 BRK-05: OAuth Secret Exposure -- BREAK IT
26:50 VULN-06: Session Persistence -- PROVE IT
32:55 BRK-06: Session Persistence -- BREAK IT
38:59 VULN-07: No Rate Limiting -- PROVE IT
40:32 BRK-07: No Rate Limiting -- BREAK IT
43:14 VULN-09: Container Hardening -- PROVE IT
45:04 BRK-09: Container Hardening -- BREAK IT
46:07 VULN-10: No TLS -- PROVE IT
48:28 BRK-10: No TLS -- BREAK IT
50:20 In Summary
51:30 DISCLAIMER

This content is produced in my personal capacity and does not represent the views, tools, or practices of my employer.

Published by Oob Skulden(TM)
Stay Paranoid.