Thegameprofi

**Name of the Vulnerable Software and Affected Versions** Scraparr versions 3.0.0-beta through 3.0.1 **Description** Scraparr, a Prometheus Exporter for the *arr Suite, disclosed Readarr API keys when the Readarr integration was enabled. This occurred because the exporter exposed the configured Readarr API key as the alias metric label value. The issue affected users if Readarr scraping was enabled with no alias configured, the exporter’s `/metrics` endpoint was accessible to external or unauthorized users, and the Readarr instance was externally accessible. If the `/metrics` endpoint was publicly accessible, the Readarr API key could be disclosed via exported metrics data. The vulnerable parameter is the `alias` metric label value. **Recommendations** Upgrade to version 3.0.2 or later.