Unauthorized access vulnerability on three interfaces

Moderate
tomsun28 published GHSA-rrc5-qpxr-5jm2 Dec 20, 2023

Package

No package listed

Affected versions

1.4.1

Patched versions

1.4.1

Description

Summary

A Spring Boot permission (Spring Security) configuration issue left three actuator interfaces reachable without authorization.

Details

The following three interfaces can be accessed without authorization and leak sensitive server information (runtime metrics, health details, and the application environment, including configuration properties):
http://localhost:1157/actuator/metrics/
http://localhost:1157/actuator/health
http://localhost:1157/actuator/env
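The usual fix for this class of issue is to stop exposing the sensitive actuator endpoints over HTTP and to put the remaining ones behind authentication. The configuration below is an added example of that hardening and is not code from the HertzBeat project; the role name `ADMIN` and the HTTP Basic login are assumptions, and the class should be adapted to whatever authentication the application already uses.

```java
// Added hardening example (not the project's own code).
// Companion setting for application.properties, so that /actuator/env and
// /actuator/metrics are not exposed over HTTP at all:
//   management.endpoints.web.exposure.include=health
//   management.endpoint.health.show-details=when-authorized
import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class ActuatorSecurityConfig {

    // Filter chain that applies only to actuator endpoints and requires an
    // authenticated caller with the (assumed) ADMIN role for every one of them.
    // Without a chain like this, Spring Boot serves whatever endpoints are
    // exposed to anyone who can reach the port.
    @Bean
    public SecurityFilterChain actuatorFilterChain(HttpSecurity http) throws Exception {
        http
            .securityMatcher(EndpointRequest.toAnyEndpoint())
            .authorizeHttpRequests(auth -> auth
                .anyRequest().hasRole("ADMIN"))
            .httpBasic(Customizer.withDefaults());
        return http.build();
    }
}
```

After applying it, an unauthenticated request to /actuator/env or /actuator/metrics should return 401 instead of the environment or metrics payload, which is also a quick regression check to keep in the test suite.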

PoC

http://localhost:1157/actuator/metrics/
http://localhost:1157/actuator/health
http://localhost:1157/actuator/env

Impact

Disclosure of sensitive server information.

Severity

Moderate

CVE ID

CVE-2023-51650

Weaknesses

No CWEs

Credits