Home / Vulnerability Database / Config files : Unsafe configuration of Spring Actuator Endpoints

Config files

Config files : Unsafe configuration of Spring Actuator Endpoints

Classification

OWASP Top 10 2013

A5-Security Misconfiguration

OWASP Top 10 2017

A6-Security Misconfiguration

OWASP Top 10 2021

A5-Security Misconfiguration

CWE

CWE-1031

Overview

The application uses Spring Actuator Endpoints with an unsafe configuration.

The program disables the requirement to authenticate various actuators when transmitting data over HTTP, which allows attackers to monitor various aspects of the application, including confidential data.

References

Endpoints
Spring Boot Reference Guide
CWE CATEGORY: OWASP Top Ten 2017 Category A5 - Broken Access Control

MEDIUM

Config files : Unsafe configuration of Spring Actuator Endpoints

Classification

Overview

References

DerScanner Severity Score

Do you want to fix Config files : Unsafe configuration of Spring Actuator Endpoints in your application?

See also

Config files : Text4Shell Vulnerability

Config files : Incorrect directory deletion

Config files : Code injection