Is it a security concern that the /metrics endpoint of the Grafana UI is accessible without authentication?
Issue
- If the
Grafana
route is appended with the/metrics
endpoint, then the raw HTML page opens up with updating resources data if the page is refreshed. - Is this a
security concern
and is any critical data being exposed without authentication?
Environment
- Red Hat OpenShift Container Platform
- v3.x
- v4.1.x - v4.8.1
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.