
Information Disclosure: Spring Boot Actuator Disclosure of Mappings

Identifier: springboot_actuator_mappings

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner, ASM Scanner

Description

An exposed Spring Boot Actuator mappings endpoint reveals internal endpoint details and the application's structure, which lets attackers identify targets and discover vulnerabilities.

How we test: We attempt to access Spring Boot Actuator mappings endpoints and analyze responses to detect if internal endpoint mappings are exposed. We check if mappings endpoints are accessible and if they disclose sensitive information about application structure and endpoints.
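The response analysis described above can be reproduced offline against a response you have already captured from your own service. The following is an added example, not the scanner's own logic: the function name `extract_mappings` is hypothetical, the sample bodies are constructed, and the JSON layouts follow the Spring Boot 2.x (`contexts`/`mappings`) and 1.x (flat pattern map) mappings formats.

```python
import json

def _as_dict(value):
    return value if isinstance(value, dict) else {}

def extract_mappings(status, content_type, body):
    """Return the route predicates a mappings response discloses ([] if none)."""
    if status != 200 or "json" not in content_type.lower():
        return []          # denied, redirected, or an HTML login/error page
    try:
        doc = _as_dict(json.loads(body))
    except ValueError:
        return []
    found = []
    if isinstance(doc.get("contexts"), dict):
        # Spring Boot 2.x and later: contexts -> <name> -> mappings -> group -> [entries]
        for ctx in doc["contexts"].values():
            mappings = _as_dict(_as_dict(ctx).get("mappings"))
            for group in ("dispatcherServlets", "dispatcherHandlers"):
                for entries in _as_dict(mappings.get(group)).values():
                    for entry in entries if isinstance(entries, list) else []:
                        if "predicate" in _as_dict(entry):
                            found.append(entry["predicate"])
    else:
        # Spring Boot 1.x: flat object, URL pattern -> {"bean": ..., "method": ...}
        found = [k for k, v in doc.items() if "bean" in _as_dict(v)]
    return found

# Constructed sample responses (not captured from a real system).
BOOT2_BODY = json.dumps({"contexts": {"application": {"mappings": {
    "dispatcherServlets": {"dispatcherServlet": [
        {"predicate": "{GET /actuator/health}", "handler": "Actuator web endpoint 'health'"},
        {"predicate": "{POST /internal/reindex}", "handler": "com.example.AdminController#reindex()"},
    ]},
    "servletFilters": [],
}}}})
BOOT1_BODY = json.dumps({
    "{[/error]}": {"bean": "requestMappingHandlerMapping",
                   "method": "public java.lang.String com.example.ErrorController.error()"},
    "/webjars/**": {"bean": "resourceHandlerMapping"},
})
DENIED_BODY = json.dumps({"status": 401, "error": "Unauthorized"})

if __name__ == "__main__":
    for name, args in [("boot2", (200, "application/vnd.spring-boot.actuator.v3+json", BOOT2_BODY)),
                       ("boot1", (200, "application/json", BOOT1_BODY)),
                       ("denied", (401, "application/json", DENIED_BODY))]:
        routes = extract_mappings(*args)
        print(name, "EXPOSED" if routes else "not exposed", routes)
```

A non-empty result means the response body lists application routes; a 200 response that carries JSON without mapping entries, such as a health payload, returns an empty list.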

Configuration

Example

Example configuration:

---
security_tests:
  springboot_actuator_mappings:
    skip: false

Reference

skip

Type: boolean

Skip the test if true.