H3-2022-0059
Spring Boot Configuration Properties Actuator Exposed
Category | SECURITY_MISCONFIGURATION |
Base Score | 4.5 |
Description
Spring Boot includes a number of built-in endpoints which let you monitor and interact with your application.
Impact
The configprops actuator displays a list of all configuration properties and should never be exposed in a production environment.