Prometheus enables the pprof debug tool by default. How to disable pprof?

Prometheus enables the pprof debug tool by default, and the vulnerability scanning tool reports a sensitive information leak. How to disable pprof?

Has the tool actually found an information leak? Or is it just warning of a potential leak?

Vulnerability scans are prone to false positives. This is likely the case here, as pprof is generally considered a safe endpoint. It is no more or less sensitive than the Prometheus HTTP API itself.

Have the bloggers finally resolved this issue? How to disable pprof?

Hi All, has anyone figured out how to work around this, i.e., disable pprof? We're also getting a vuln report on this for all our nodes.


Maybe the last resort would be to rebuild the Prometheus binary with some code change to disable pprof.
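A less invasive option than rebuilding the binary is to keep Prometheus bound to loopback and deny the /debug/ tree at a reverse proxy in front of it. The nginx configuration below is an added example, not from this thread or the Prometheus project; it assumes Prometheus listens on 127.0.0.1:9090 (via `--web.listen-address`), nginx on port 9091 is the only network-facing listener, and the hostname is a placeholder.

```nginx
# Added example (not from the thread). Assumes Prometheus was started with
# --web.listen-address=127.0.0.1:9090 so only nginx is reachable from the network.

# Weak setting: a bare catch-all forwards everything, including /debug/pprof/,
# so the scanner sees the same endpoint it flagged.
#
# location / {
#     proxy_pass http://127.0.0.1:9090;
# }

server {
    listen 9091;
    server_name prometheus.example.internal;   # placeholder hostname

    # Corrected setting: refuse the pprof tree before the catch-all.
    # "^~" is a prefix match that takes precedence over regex locations,
    # so no later rule can accidentally re-expose it.
    location ^~ /debug/ {
        return 404;
    }

    # Everything else (UI, /api/v1, /metrics) is proxied unchanged.
    location / {
        proxy_pass http://127.0.0.1:9090;
        proxy_set_header Host $host;
    }
}
```

After reloading nginx, re-run the scanner against port 9091; a request to /debug/pprof/ should now return 404 while /api/v1/status/buildinfo still answers.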