Exposure of Sensitive Information to an Unauthorized Actor
| Property | Value |
|---|---|
| Language | generic |
| Severity | |
| CWE | CWE-200: Exposure of Sensitive Information to an Unauthorized Actor |
| OWASP | A01:2021 - Broken Access Control |
| Confidence Level | Medium |
| Impact Level | High |
| Likelihood Level | Medium |
Description
Spring Boot Actuator endpoints beyond the default `health` check are exposed over the web (for example through a wildcard in `management.endpoints.web.exposure.include`), making operational features that reveal internal application details or allow control actions reachable over the network.
Impact
Attackers could access sensitive endpoints to gather information about the application’s internals, modify configurations, or perform destructive actions such as shutting down the service. This can lead to data leaks, service disruption, or unauthorized control over the application.
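As an added illustration of the configuration issue described above (not part of the original rule page), the following audit script evaluates a Spring Boot `application.properties` fragment and reports which sensitive Actuator endpoints would end up web-exposed. It models the documented exposure rules (`include`/`exclude` lists, `*` as a wildcard, `exclude` taking precedence, and `shutdown` requiring `management.endpoint.shutdown.enabled=true`); the DANGEROUS and KNOWN endpoint sets are an assumed, illustrative subset, and the sample configs are constructed.

```python
"""Audit a Spring Boot application.properties for over-exposed Actuator endpoints."""

# Endpoint IDs that leak internals or allow control (illustrative subset, not exhaustive).
DANGEROUS = {"env", "beans", "configprops", "heapdump", "threaddump", "mappings",
             "loggers", "shutdown", "sessions", "logfile"}
# Endpoint IDs that a '*' include would expose (subset sufficient for this audit).
KNOWN = DANGEROUS | {"health", "info", "metrics", "conditions", "caches", "scheduledtasks"}


def parse_properties(text):
    """Minimal key=value parser: skips blank and comment lines, trims whitespace."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def _csv(value):
    return {v.strip() for v in value.split(",") if v.strip()}


def exposed_endpoints(props):
    """Endpoints reachable over HTTP: include minus exclude; '*' selects all; exclude wins."""
    include = _csv(props.get("management.endpoints.web.exposure.include", "health"))
    exclude = _csv(props.get("management.endpoints.web.exposure.exclude", ""))
    exposed = set(KNOWN) if "*" in include else include & KNOWN
    if "*" in exclude:
        return set()
    exposed -= exclude
    # shutdown is disabled by default and only becomes available when explicitly enabled
    if props.get("management.endpoint.shutdown.enabled", "false").lower() != "true":
        exposed.discard("shutdown")
    return exposed


def dangerous_exposed(text):
    """Sorted list of sensitive endpoint IDs the given properties text would expose."""
    return sorted(exposed_endpoints(parse_properties(text)) & DANGEROUS)


# Constructed sample configs (not taken from any real project).
WEAK = "management.endpoints.web.exposure.include=*\nmanagement.endpoint.shutdown.enabled=true\n"
HARDENED = ("management.endpoints.web.exposure.include=health,info\n"
            "management.endpoints.web.exposure.exclude=env,heapdump\n")

if __name__ == "__main__":
    print("weak:", dangerous_exposed(WEAK))          # every DANGEROUS id, shutdown included
    print("hardened:", dangerous_exposed(HARDENED))  # []
```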