Exposure of Sensitive Information to an Unauthorized Actor
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-200: Exposure of Sensitive Information to an Unauthorized Actor |
| OWASP | A01:2021 - Broken Access Control |
| Confidence Level | Medium |
| Impact Level | High |
| Likelihood Level | Medium |
Description
A sensitive Spring Boot Actuator endpoint is enabled in your configuration. Exposing non-essential actuator endpoints can allow unauthorized users to access internal application data or controls.
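One way to check a configuration for this condition, as an added example that is not part of the original rule or of Spring Boot itself. It assumes the configuration is in `.properties` form (not YAML) and that only `health` and `info` are acceptable over HTTP; the `ALLOWED` policy and the function names are hypothetical.

```python
"""Audit Spring Boot .properties text for web-exposed actuator endpoints."""

# Assumed policy for this example (not from the page): only these ids may be exposed.
ALLOWED = {"health", "info"}
INCLUDE = "management.endpoints.web.exposure.include"
EXCLUDE = "management.endpoints.web.exposure.exclude"


def parse_properties(text):
    """Parse key=value or key:value lines; skip blanks and #/! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        cuts = [i for i in (line.find("="), line.find(":")) if i != -1]
        if cuts:
            props[line[:min(cuts)].strip()] = line[min(cuts) + 1:].strip()
    return props


def ids(value):
    """Split a comma-separated endpoint list into a set of lowercase ids."""
    return {part.strip().lower() for part in value.split(",") if part.strip()}


def audit(text):
    """Return sorted endpoint ids exposed over HTTP beyond ALLOWED ('*' = all)."""
    props = parse_properties(text)
    include = ids(props.get(INCLUDE, ""))
    exclude = ids(props.get(EXCLUDE, ""))
    if "*" in exclude:          # exclude takes precedence over include
        return []
    return sorted(include - exclude - ALLOWED)


# Constructed sample inputs.
WEAK = "management.endpoints.web.exposure.include=*\n"
MIXED = (
    "# constructed sample\n"
    "management.endpoints.web.exposure.include=health,env,heapdump\n"
    "management.endpoints.web.exposure.exclude=env\n"
)
HARDENED = "management.endpoints.web.exposure.include=health,info\n"

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("mixed", MIXED), ("hardened", HARDENED)):
        print(name, audit(cfg))
```

An empty result means nothing beyond the allowlist is exposed over HTTP; a `*` in the result means every enabled endpoint is reachable.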
Impact
If exploited, attackers could gain access to sensitive information, application metrics, or even perform administrative actions, potentially leading to data leaks, denial of service, or full system compromise.