Prometheus exporter-toolkit contains a serious basic‑authentication bypass that can be triggered when an attacker has access to a Prometheus-style web.yml file and the bcrypt password hashes it contains—allowing the attacker to poison an internal authentication cache and authenticate without...
