Supervisor is vulnerable to unauthorized restart and information disclosure. It is possible because the inet HTTP server, which is not enabled by default, does not use authentication by default, allowing an unauthenticated user to access log files or restart a service if the inet HTTP server is enabled.