Information Disclosure: Springboot Actuator Disclosure of Environment

Identifier: springboot_actuator_env

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner, ASM Scanner

Description

Spring Boot Actuator environment endpoint exposure reveals sensitive environment variables and configuration details, potentially exposing credentials and internal settings.

How we test: We attempt to access Spring Boot Actuator environment endpoints and analyze responses to detect if environment variables and configuration details are exposed. We check if environment endpoints are accessible and if they disclose sensitive information such as credentials, API keys, or internal settings.
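As an added example (not part of this documentation or the scanner's own code), the following script classifies a captured Actuator environment response the way such a check would: it walks the `propertySources` of the standard `/actuator/env` JSON shape, flags property names that look like credentials or API keys, and distinguishes values that Actuator's built-in sanitizer masked as `******` from values disclosed in the clear. The sensitive-name patterns and the sample response are constructed assumptions.

```python
"""Classify a captured Spring Boot Actuator /actuator/env response.
Added example; the JSON below is a constructed sample in Actuator's
format (activeProfiles + propertySources[].properties{name: {value}})."""
import json
import re

# Assumed name patterns for credentials, API keys and similar secrets.
SENSITIVE_NAME = re.compile(
    r"(password|passwd|secret|token|credential|api[_.-]?key|private)", re.I)
# Assumed value patterns for internal connection settings.
INTERNAL_VALUE = re.compile(r"^(jdbc:|redis://|amqp://|mongodb://)", re.I)
# Actuator replaces values it considers sensitive with this mask.
MASKED = "******"

SAMPLE_ENV = json.dumps({  # constructed sample response
    "activeProfiles": ["prod"],
    "propertySources": [
        {"name": "systemEnvironment", "properties": {
            "DB_PASSWORD": {"value": "******"},
            "PATH": {"value": "/usr/bin"}}},
        {"name": "applicationConfig: [classpath:/application.yml]",
         "properties": {
            "spring.datasource.url":
                {"value": "jdbc:postgresql://db.internal:5432/app"},
            "payments.api-key": {"value": "sk_live_constructed"}}},
    ],
})


def find_disclosures(env_json: str) -> list[dict]:
    """Return one finding per disclosed property.

    high   - secret-looking name with its value in the clear
    medium - secret-looking name, value masked (the name still leaks)
    low    - internal setting such as a datasource connection string
    """
    doc = json.loads(env_json)
    findings = []
    for source in doc.get("propertySources", []):
        for name, prop in source.get("properties", {}).items():
            value = str(prop.get("value", ""))
            if SENSITIVE_NAME.search(name):
                severity = "medium" if value == MASKED else "high"
            elif INTERNAL_VALUE.search(value):
                severity = "low"
            else:
                continue
            findings.append({"source": source.get("name", "?"),
                             "name": name, "severity": severity})
    return findings


if __name__ == "__main__":
    for f in find_disclosures(SAMPLE_ENV):
        print(f"[{f['severity']}] {f['name']} ({f['source']})")
```

Even a fully masked response is still a finding: the property names alone reveal which secrets and integrations the application uses.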

Configuration

Example

Example configuration:

---
security_tests:
  springboot_actuator_env:
    skip: false

Reference

skip

Type: boolean

Skip the test if true.