You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
deploy/grafana/charon.json — Panel 9 (build info table)
Query
charon_build_info{instance=~"$instance"}
Problem
The build_info panel displays a table with version and git_sha label values. Issue #214 (no auth on /metrics endpoint) is open from PR #50. The combination means:
This dashboard is the official operator tooling that surfaces git_sha as a named column
Anyone with Grafana read access sees the git SHA of the running binary. Combined with an open-source repository and a public git history, this allows an attacker to identify the exact binary version running and audit it for known unpatched issues before targeting the bot.
Impact
Intelligence leak: exact binary version visible to anyone with Grafana access, which until #213 and #214 are resolved is effectively anyone on the network.
Refs #54
Location
deploy/grafana/charon.json — Panel 9 (build info table)
Query
charon_build_info{instance=~"$instance"}
Problem
The build_info panel displays a table with version and git_sha label values. Issue #214 (no auth on /metrics endpoint) is open from PR #50. The combination means:
Anyone with Grafana read access sees the git SHA of the running binary. Combined with an open-source repository and a public git history, this allows an attacker to identify the exact binary version running and audit it for known unpatched issues before targeting the bot.
Impact
Intelligence leak: exact binary version visible to anyone with Grafana access, which until #213 and #214 are resolved is effectively anyone on the network.
Suggested Fix
Either: