Other researchers have been shouting from the rooftops for years now
The bugs could be used to steal credentials, run arbitrary code, or mount DoS attacks
Prometheus, an open source monitoring and alerting toolkit, is reportedly flawed in a way that allows cybercriminals to steal sensitive information, run denial-of-service (DoS) attacks, and even execute arbitrary code, remotely.
Designed for recording and querying metrics from systems, containers, and applications in real time, Prometheus features a powerful query language (PromQL), time-series data storage, and integrations with visualization tools like Grafana. Furthermore, it supports flexible alerting through its Alertmanager, enabling notifications based on complex conditions across diverse endpoints.