Information Disclosure: Springboot Actuator Disclosure of Logfile

Identifier: springboot_actuator_logfile

Scanner(s) Support

GraphQL Scanner
REST Scanner
WebApp Scanner

Description

Spring Boot Actuator disclosure of the log file happens when an application unintentionally reveals internal details about its endpoints and how it is put together. This is mostly caused by default settings or misconfigurations that expose the Actuator logfile endpoint, serving a log file that was meant to stay hidden. An attacker who sees these details can work out exactly where to target the application, making it easier to discover other weaknesses. Developers often trip up by assuming that the default configuration protects these endpoints, leaving the door open for attackers to use that internal information as a starting point for exploiting the application.
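As an added illustration (not part of this scanner page or of the Spring Boot project), the fragment below shows a Spring Boot application.yml in which the Actuator logfile endpoint is reachable over HTTP, followed by a corrected version of the same settings. The log file path and port are constructed values; the property names are standard Spring Boot Actuator properties.

```yaml
# Added example, not from the original page. Paths and ports are constructed.

# --- Exposed configuration ------------------------------------------------
# 'logging.file.name' is what makes the logfile endpoint available at all.
# The wildcard exposure then publishes it, together with every other
# Actuator endpoint, on the application's public port as /actuator/logfile.
logging:
  file:
    name: /var/log/myapp/app.log          # constructed path
management:
  endpoints:
    web:
      exposure:
        include: "*"                       # weak: exposes logfile, env, heapdump, ...

---
# --- Corrected configuration ----------------------------------------------
# Keep file logging, but stop serving the file over HTTP and move Actuator
# off the public listener so the remaining endpoints are not internet-facing.
logging:
  file:
    name: /var/log/myapp/app.log          # constructed path
management:
  server:
    port: 8081                             # constructed: separate management port
    address: 127.0.0.1                     # bind management endpoints to loopback only
  endpoints:
    web:
      exposure:
        include: health,info               # allow-list only what monitoring needs
        exclude: logfile                   # explicit deny for the log file endpoint
  endpoint:
    logfile:
      enabled: false                       # disable the endpoint entirely
```

The corrected half layers three controls: an explicit allow-list of exposed endpoints, an explicit exclusion of logfile, and disabling the endpoint itself, so a later edit to the allow-list cannot silently re-expose the log. Binding the management port to loopback keeps the remaining endpoints off the public interface; in a real deployment they should additionally sit behind authentication, since the log file routinely contains stack traces, internal hostnames and request data that this check is designed to flag.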

Configuration

Example

Example configuration:

---
security_tests:
  springboot_actuator_logfile:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference

assets_allowed

Type : List[AssetType]*

List of assets that this check will cover.

skip

Type : boolean

Skip the test if true.