Hello again Grab Security Team!
Following my previous research, it seems that the Microservices architecture you are currently running on *.█████myteksi.net is publicly exposed on another endpoint: https://█████████.█████myteksi.net.
When researching and starting a new enumeration of your different subdomains, I found that https://███.████████myteksi.net is related to your Eureka / Zuul environment and is reachable without any filtering.
This is quite a complex architecture, but I think that it reveals a lot of debug information that could help an attacker find a vector, and certainly enables him to do some actions on this infrastructure without any control (this has to be confirmed, as I do not want to perform any modification on your current environment).
In order to understand the way this infrastructure works, I read the following documentation to discover some endpoints and see what could be achieved: http://cloud.spring.io/spring-cloud-static/Finchley.M5/single/spring-cloud.html#_health_indicator_2
Regarding information gathering, there are different endpoints reachable, for example:
For the actions that can be done, we may notice the following (extract from the documentation):
```
For a Spring Boot Actuator application there are some additional management endpoints:
```
From my point of view, this is an internal infrastructure that should not be exposed to any Internet user (as for the eureka endpoint previously reported).
Please let me know your thoughts on this,
Thank you!
It is quite difficult to know exactly what could be achieved, as the infrastructure is complex. However, I would say that it could first enable an attacker to understand your infrastructure better and identify weaknesses. The other point is that if the attacker is able to perform some actions, this could lead to DoS of this service in some cases and, of course, unexpected behaviour (modifying env properties ...).
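Added example, not part of the original report and not Grab's code: one way for the service owner to check access logs for state-changing calls to the management endpoints discussed above that arrived from outside the internal network. The endpoint names are the ones the Spring Cloud documentation lists for Actuator applications; the log format, the internal range, the optional `/actuator` prefix and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Management endpoints Spring Cloud adds to an Actuator application (per its docs).
STATE_CHANGING = {"/env", "/refresh", "/restart", "/pause", "/resume"}
# Also watch the Spring Boot 2 default base path (assumption about the deployment).
WATCHED = {p for e in STATE_CHANGING for p in (e, "/actuator" + e)}
# Assumption: the network range this deployment treats as internal.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Common log format: ip ident user [time] "METHOD path proto" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log lines (documentation-range addresses).
SAMPLE_LOG = [
    '10.1.2.3 - - [01/Jan/2018:10:00:00 +0000] "POST /refresh HTTP/1.1" 200 2',
    '203.0.113.7 - - [01/Jan/2018:10:00:05 +0000] "GET /health HTTP/1.1" 200 15',
    '203.0.113.7 - - [01/Jan/2018:10:00:09 +0000] "POST /env HTTP/1.1" 200 31',
    '198.51.100.9 - - [01/Jan/2018:10:01:00 +0000] "POST /actuator/restart/ HTTP/1.1" 404 0',
    '203.0.113.7 - - [01/Jan/2018:10:02:00 +0000] "GET /env HTTP/1.1" 200 900',
    'not a log line',
]

def is_internal(ip):
    """True if ip parses and falls inside a configured internal network."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # unparseable source is treated as external
    return any(addr in net for net in INTERNAL_NETS)

def find_external_management_calls(lines):
    """Return (ip, path, status) for POSTs to watched endpoints from outside."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # only state-changing requests are flagged here
        # Normalise: drop query string and trailing slash, compare lower-case.
        path = m["path"].split("?", 1)[0].rstrip("/").lower()
        if path in WATCHED and not is_internal(m["ip"]):
            hits.append((m["ip"], path, int(m["status"])))
    return hits

if __name__ == "__main__":
    for ip, path, status in find_external_management_calls(SAMPLE_LOG):
        print(f"external POST {path} from {ip} -> HTTP {status}")
```

A 2xx status on a flagged line means the request was accepted and the resulting configuration or lifecycle change should be reviewed; a 4xx still shows the endpoint was reachable from outside.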