Information Disclosure: Springboot Actuator Disclosure of Logfile

Identifier: springboot_actuator_logfile

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner, ASM Scanner

Description

When the Spring Boot Actuator logfile endpoint is exposed, it returns the contents of the application's log file, which can contain sensitive information about internal operations and potential vulnerabilities.

How we test: We attempt to access Spring Boot Actuator logfile endpoints and analyze responses to detect if application logs are exposed. We check if logfile endpoints are accessible and if they disclose sensitive information from log files that could aid attackers.
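To illustrate the kind of response analysis described above, here is an added Python example (not the scanner's own detection logic) that classifies a captured response from a logfile endpoint and reports lines that look like leaked credentials. The default Spring Boot log layout, the secret-hint patterns and the sample body are assumptions constructed for this example.

```python
import re

# Default Spring Boot log layout (assumption; custom patterns will not match):
#   <timestamp>  <LEVEL> <pid> --- [thread] <logger> : <message>
BOOT_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}:\d{2}[.,]\d{3}\S*\s+"
    r"(TRACE|DEBUG|INFO|WARN|ERROR|FATAL)\s+\d+\s+---\s+\["
)
# Illustrative markers for credentials that tend to leak into logs.
SECRET_HINTS = re.compile(
    r"(?i)\b(password|passwd|secret|api[_-]?key|token)\s*[=:]\s*\S+"
    r"|authorization:\s*(bearer|basic)\s+\S+"
)

# Constructed sample body; the credential value is a dummy.
SAMPLE_LOG = (
    "2024-03-05T10:57:51.112Z  INFO 45469 --- [demo] [main] "
    "c.e.demo.DemoApplication : Starting DemoApplication\n"
    "2024-03-05T10:57:52.004Z DEBUG 45469 --- [demo] [main] "
    "c.e.demo.DbConfig : datasource password=example-not-real\n"
    "2024-03-05T10:57:52.870Z  WARN 45469 --- [demo] [nio-8080-exec-1] "
    "c.e.demo.AuthFilter : rejected login for user alice\n"
)


def assess_logfile_response(status, content_type, body, min_lines=3):
    """Classify one captured HTTP response from an actuator logfile URL."""
    def verdict(exposed, reason, secret_lines=()):
        return {"exposed": exposed, "reason": reason,
                "secret_lines": list(secret_lines)}

    # The endpoint answers 200, or 206 when a Range header was sent.
    if status not in (200, 206):
        return verdict(False, f"status {status}")
    if not content_type.lower().startswith("text/plain"):
        return verdict(False, "not text/plain")
    lines = body.splitlines()
    log_count = sum(1 for line in lines if BOOT_LINE.match(line))
    if log_count < min_lines:
        return verdict(False, "no log-shaped lines")
    hits = [n for n, line in enumerate(lines, 1) if SECRET_HINTS.search(line)]
    return verdict(True, f"{log_count} log-shaped lines", hits)
```

A 401 or 404 on the logfile URL, or a 200 that carries an HTML fallback page, is classified as not exposed; only a plain-text body with log-shaped lines counts as a finding.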

Configuration

Example

Example configuration:

---
security_tests:
  springboot_actuator_logfile:
    skip: false

Reference

skip

Type: boolean

Skip the test if true.