SYM_CONF_0305 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Exposure of Sensitive Information to an Unauthorized Actor
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-200: Exposure of Sensitive Information to an Unauthorized Actor |
OWASP | A01:2021 - Broken Access Control |
Confidence Level | Medium |
Impact Level | High |
Likelihood Level | Medium |
Description
A sensitive Spring Boot Actuator endpoint is enabled in your configuration. Exposing non-essential actuator endpoints can allow unauthorized users to access internal application data or controls.
Impact
If exploited, attackers could gain access to sensitive information, application metrics, or even perform administrative actions, potentially leading to data leaks, denial of service, or full system compromise.
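The check described above can be run against an `application.properties` file before deployment. The following is an added example, not the rule's own implementation: the `ALLOWED` policy (only `health` and `info` exposed over HTTP), the function names and the sample files are assumptions made for illustration.

```python
# Added example: audit Spring Boot properties for over-exposed Actuator endpoints.
# ALLOWED is an assumed policy, not taken from the rule; adjust it to your needs.
ALLOWED = {"health", "info"}
WEB_INCLUDE = "management.endpoints.web.exposure.include"
WEB_EXCLUDE = "management.endpoints.web.exposure.exclude"
SHUTDOWN = "management.endpoint.shutdown.enabled"

# Constructed sample inputs: a weak configuration and a corrected one.
WEAK = """
management.endpoints.web.exposure.include=*
management.endpoint.shutdown.enabled=true
"""
HARDENED = """
# expose only what monitoring needs
management.endpoints.web.exposure.include=health,info
management.endpoint.shutdown.enabled=false
"""


def parse_properties(text):
    """Parse key=value or key:value lines, skipping blanks and comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        seps = [i for i in (line.find("="), line.find(":")) if i != -1]
        if seps:
            idx = min(seps)  # the first separator wins
            props[line[:idx].strip()] = line[idx + 1:].strip()
    return props


def csv(value):
    return {v.strip() for v in value.split(",") if v.strip()}


def audit(text):
    """Return a list of findings for one properties file."""
    props = parse_properties(text)
    include = csv(props.get(WEB_INCLUDE, ""))
    exclude = csv(props.get(WEB_EXCLUDE, ""))
    # In Spring Boot, exclude takes precedence over include.
    exposed = set() if "*" in exclude else include - exclude
    findings = []
    if "*" in exposed:
        findings.append("wildcard web exposure: all enabled endpoints reachable over HTTP")
    findings += [f"endpoint '{e}' exposed over HTTP" for e in sorted(exposed - ALLOWED - {"*"})]
    if props.get(SHUTDOWN, "").lower() == "true":
        findings.append("shutdown endpoint enabled")
    return findings
```

`audit(WEAK)` reports the wildcard exposure and the enabled shutdown endpoint, while `audit(HARDENED)` returns no findings.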