Security Test: Springboot Actuator Disclosure of Mappings
Description
Default Severity:
Spring Boot Actuator Disclosure of Mappings occurs when an application unintentionally reveals internal details about its endpoints and how it is assembled. It is usually caused by default settings or misconfigurations that expose sensitive mappings which were meant to stay internal. An attacker who sees these details learns exactly where to aim, which makes discovering other weaknesses easier. Developers often assume that the default configuration protects these endpoints, leaving that internal information available to attackers as a starting point for exploiting the application.
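The following `application.properties` fragment is an added example, not taken from this test page or from Spring Boot's own documentation; it contrasts the over-exposed configuration with a hardened one. The `management.*` property names are the standard Spring Boot 2.x/3.x keys, and the Actuator `mappings` endpoint is the one that lists every request mapping and its handler. Which endpoints Spring Boot exposes over HTTP by default has changed between versions, so the safe approach is to state the exposure explicitly rather than rely on defaults. The management port and bind address are assumptions for this example.

```properties
# Added example (not from the test page): Spring Boot application.properties
# contrasting an over-exposed actuator with a hardened one. The management
# port and bind address below are assumed values for illustration.

# --- Weak: a wildcard exposes every actuator endpoint, including
# --- /actuator/mappings, on the same HTTP port as the application.
# management.endpoints.web.exposure.include=*

# --- Hardened ---
# Expose only what monitoring genuinely needs; nothing else is reachable over HTTP.
management.endpoints.web.exposure.include=health,info
# Explicitly keep mappings and the other introspection endpoints off the web,
# so a later change to "include" cannot silently re-expose them.
management.endpoints.web.exposure.exclude=mappings,env,beans,configprops,heapdump,threaddump
# Disable the mappings endpoint entirely so it is not even registered.
management.endpoint.mappings.enabled=false
# Return only the overall status to callers that are not authorized.
management.endpoint.health.show-details=when-authorized
# Serve the remaining actuator endpoints on a separate management port bound to
# loopback, so they are reachable by local monitoring but not from the internet.
management.server.port=8081
management.server.address=127.0.0.1
```

After restarting with these settings, a request to `/actuator/mappings` on the application port should no longer return the mapping list, and `/actuator/health` is reachable only on the management port. Reviewing the effective `management.endpoints.web.exposure.include` value in each environment (profiles and environment variables can override it) is the check that catches regressions of this finding.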
Configuration
Identifier:
information_disclosure/springboot_actuator_mappings
Examples
All configuration available:
Compliance and Standards

| Standard | Value |
|---|---|
| OWASP API Top 10 | API8:2023 |
| OWASP LLM Top 10 | LLM06:2023 |
| PCI DSS | 6.5.10 |
| GDPR | Article-32 |
| SOC2 | CC6 |
| PSD2 | Article-95 |
| ISO 27001 | A.12.6 |
| NIST | SP800-123 |
| FedRAMP | AC-6 |
| CWE | 200 |
| CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N |
| CVSS Score | 5.3 |