Information Disclosure: Springboot Actuator Disclosure of Thread Dump

Identifier: springboot_actuator_dump

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner, ASM Scanner

Description

Exposure of the Spring Boot Actuator thread dump endpoint reveals detailed thread execution information, potentially disclosing internal application mechanics and vulnerabilities.

How we test: We attempt to access Spring Boot Actuator thread dump endpoints and analyze responses to detect if thread execution details are exposed. We check if dump endpoints are accessible and if they disclose sensitive information about thread states, method execution, and internal application mechanics.
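The check described above, as an added example that is not part of this page or the scanner's own code: a Python classifier that decides whether an HTTP response fetched from a thread dump path actually discloses a thread dump, rather than treating any 200 as a finding. The endpoint paths and per-thread JSON fields are the Spring Boot defaults as known to the editor, not values from this page, and the sample responses are constructed.

```python
import json

# Default Actuator thread dump paths (known Spring Boot defaults, not taken from this page):
# /actuator/threaddump on Spring Boot 2.x/3.x, /dump on Spring Boot 1.x.
THREAD_DUMP_PATHS = ("/actuator/threaddump", "/dump")
# Per-thread fields a genuine Spring Boot JSON thread dump carries.
THREAD_KEYS = {"threadName", "threadState", "stackTrace"}


def classify_thread_dump(status: int, content_type: str, body: str) -> dict:
    """Classify one response fetched from a thread dump path.
    A 200 whose JSON lacks the dump structure (e.g. a health body) is not a finding."""
    result = {"exposed": False, "thread_count": 0, "stack_frames": 0, "reason": ""}
    if status != 200:
        result["reason"] = f"HTTP {status}: endpoint not served"
        return result
    # Actuator replies with application/vnd.spring-boot.actuator.v3+json or application/json.
    if "json" not in content_type.lower():
        result["reason"] = f"unexpected content type {content_type}"
        return result
    try:
        data = json.loads(body)
    except json.JSONDecodeError:
        result["reason"] = "body is not valid JSON"
        return result
    threads = data.get("threads") if isinstance(data, dict) else None
    if not isinstance(threads, list):
        result["reason"] = "JSON has no 'threads' array"
        return result
    confirmed = [t for t in threads if isinstance(t, dict) and THREAD_KEYS.issubset(t)]
    if not confirmed:
        result["reason"] = "'threads' entries lack thread dump fields"
        return result
    # Every stack frame names an internal class and method: that is the disclosure.
    result.update(exposed=True, thread_count=len(confirmed),
                  stack_frames=sum(len(t["stackTrace"]) for t in confirmed),
                  reason="thread dump with stack traces returned")
    return result


# Constructed sample responses (not captured from a real application).
EXPOSED_BODY = json.dumps({"threads": [{
    "threadName": "http-nio-8080-exec-1", "threadId": 42, "threadState": "RUNNABLE",
    "stackTrace": [{"className": "com.example.app.OrderService", "methodName": "placeOrder"},
                   {"className": "java.lang.Thread", "methodName": "run"}]}]})
HEALTH_BODY = json.dumps({"status": "UP"})

if __name__ == "__main__":
    for args in [(200, "application/vnd.spring-boot.actuator.v3+json", EXPOSED_BODY),
                 (200, "application/json", HEALTH_BODY), (404, "text/html", "Not Found")]:
        print(classify_thread_dump(*args))
```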

Configuration

Example

Example configuration:

---
security_tests:
  springboot_actuator_dump:
    skip: false

Reference

skip

Type: boolean

Skip the test if true.