Spring Actuator Information Leak

Risk:
Medium

Type:
Active

CWE:
CWE-215

Summary: Spring Actuator for Health is enabled and may reveal sensitive information about this application. Spring Actuators can be used for real monitoring purposes, but should be used with caution as to not expose too much information about the application or the infrastructure running it.

Solution: Disable the Health Actuators and other actuators, or restrict them to administrative users.

References: https://docs.spring.io/spring-boot/docs/current/actuator-api/htmlsingle/#overview

Free security scan for your website

Don't show website scan report rating on the leaderboard