Skip to content

Information Disclosure: Springboot Actuator Disclosure of Trace

Identifier: springboot_actuator_trace

Scanner(s) Support

GraphQL Scanner REST Scanner WebApp Scanner ASM Scanner

Description

Spring Boot Actuator trace endpoint exposure can reveal sensitive application details including environment settings, configuration details, and request traces that expose internal application workings.

How we test: We attempt to access Spring Boot Actuator trace endpoints and analyze responses to detect if sensitive information is exposed. We check if trace endpoints are accessible and if they disclose sensitive tokens, configuration details, or internal application information.

Configuration

Example

Example configuration:

---
security_tests:
  springboot_actuator_trace:
    skip: false

Reference

skip

Type : boolean

Skip the test if true.