Configuration: Springboot Actuator Restart Misconfiguration¶
Identifier:
springboot_actuator_restart
Scanner(s) Support¶
| GraphQL Scanner | REST Scanner | WebApp Scanner |
|---|---|---|
Description¶
The vulnerability happens when developers leave the Actuator restart endpoint exposed without proper security controls. An attacker can trigger an application restart, which might open the door to other attackscausing downtime or revealing internal details of how the app is configured and managed. Often, this misconfiguration occurs when sensitive endpoints are enabled in production, usually to help with debugging during development, but then not locked down when the app goes live. The impact can be severe, leading not only to disruption of services but also to further exploitation by attackers who gather more insights about the system.
Configuration¶
Example¶
Example configuration:
---
security_tests:
springboot_actuator_restart:
assets_allowed:
- REST
- GRAPHQL
- WEBAPP
skip: false
Reference¶
assets_allowed¶
Type : List[AssetType]*
List of assets that this check will cover.
skip¶
Type : boolean
Skip the test if true.