100 matches found
cc.vihackerframework:vihacker-auth-starter (=1.0.8.R), cc.vihackerframework:vihacker-common-starter (=1.0.8.R) +786 more potentially affected by CVE-2023-20873 via org.springframework.boot:spring-boot-actuator-autoconfigure (>=3.0.0 <=3.0.5)
org.springframework.boot:spring-boot-actuator-autoconfigure MAVEN version =3.0.0, =3.0.1.0, =3.0.1.0, =3.0.1.0, =3.0.4.0 and more Source cves: CVE-2023-20873 Source advisory: OSV:GHSA-G5H3-W546-PJ7F...
ai.foremast.metrics:foremast-spring-boot-k8s-metrics-starter (>=0.1.2 <=0.2.0), ai.hyacinth.framework:core-service-admin-server (>=0.5.0 <=0.5.24) +5083 more potentially affected by CVE-2023-20873 via org.springframework.boot:spring-boot-actuator-autoconfigure (>=2.0.0.RELEASE <=2.5.14)
org.springframework.boot:spring-boot-actuator-autoconfigure MAVEN version =2.0.0.RELEASE, =0.1.2, =0.5.0, =0.5.21, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.24 and more Source cves: CVE-2023-20873 Source advisory: OSV:GHSA-G5H3-W5...
ai.ylyue:yue-library-base (=j11.2.6.2), ai.ylyue:yue-library-data-es (=j11.2.6.2) +829 more potentially affected by CVE-2023-20873 via org.springframework.boot:spring-boot-actuator-autoconfigure (>=2.6.0 <=2.6.14)
org.springframework.boot:spring-boot-actuator-autoconfigure MAVEN version =2.6.0, =3.1.305, =3.1.305, =3.1.305, =3.1.305, =3.1.305, =3.1.305, =3.1.0, =1.1.2, =1.1.4 - cn.kduck:kduck-security =1.1.2 - cn.kduck:kduck-security-principal =1.1.2 and more Source cves: CVE-2023-20873 Source advisory:...
This Week in Spring - April 18th, 2023
Hi, Spring fans! Welcome to another installment of This Week in Spring! This week, I just returned from Western Europe for Devoxx FR Paris and Kotlin Conf Amsterdam. I went home, saw my family, did some laundry, and then turned right back around to head to Chicago, Illinois, for a special joint...
CVE-2022-23726
PingCentral versions prior to listed versions expose Spring Boot actuator endpoints that with administrative authentication return large amounts of sensitive environmental and application information...
CVE-2022-23726
PingCentral versions prior to listed versions expose Spring Boot actuator endpoints that with administrative authentication return large amounts of sensitive environmental and application information...
Information disclosure
PingCentral versions prior to listed versions expose Spring Boot actuator endpoints that with administrative authentication return large amounts of sensitive environmental and application information...
CVE-2022-23726
PingCentral versions prior to listed versions expose Spring Boot actuator endpoints that with administrative authentication return large amounts of sensitive environmental and application information...
Spring Boot Actuator Detected
This is an informational notice that the scanner was able to detect an accessible Spring Actuator. Actuator endpoints let you monitor and interact with your application. Spring Boot includes a number of built-in endpoints and lets you add your own. For example, the 'health' endpoint provides basi...
Spring Boot Actuator Logview < 0.2.13 Directory Traversal
Spring Boot Actuator Logview is a library that adds a simple logfile viewer as Spring Boot Actuator endpoint. In Spring Boot Actuator Logview before version 0.2.13 there is a directory traversal vulnerability. The nature of this library is to expose a log file directory via admin Spring Boot...
Security Restriction Bypass
spring-boot-actuator is vulnerable to security restriction bypass. Lack of secure handling of HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping causes the exposure of those resources and request mapping, leading to...
CVE-2021-21234
spring-boot-actuator-logview in a library that adds a simple logfile viewer as spring boot actuator endpoint. It is maven package "eu.hinsch:spring-boot-actuator-logview". In spring-boot-actuator-logview before version 0.2.13 there is a directory traversal vulnerability. The nature of this librar...
CVE-2021-21234
spring-boot-actuator-logview in a library that adds a simple logfile viewer as spring boot actuator endpoint. It is maven package "eu.hinsch:spring-boot-actuator-logview". In spring-boot-actuator-logview before version 0.2.13 there is a directory traversal vulnerability. The nature of this librar...
Directory traversal
spring-boot-actuator-logview in a library that adds a simple logfile viewer as spring boot actuator endpoint. It is maven package "eu.hinsch:spring-boot-actuator-logview". In spring-boot-actuator-logview before version 0.2.13 there is a directory traversal vulnerability. The nature of this librar...
CVE-2021-21234 Directory Traversal
spring-boot-actuator-logview in a library that adds a simple logfile viewer as spring boot actuator endpoint. It is maven package "eu.hinsch:spring-boot-actuator-logview". In spring-boot-actuator-logview before version 0.2.13 there is a directory traversal vulnerability. The nature of this librar...
Directory Traversal in spring-boot-actuator-logview
Impact The nature of this library is to expose a log file directory via admin spring boot actuator HTTP endpoints. Both the filename to view and a base folder relative to the logging folder root can be specified via request parameters. While the filename parameter was checked to prevent directory...
Stripo Inc: Memory Dump and Env Disclosure via Spring Boot Actuator
Memory Dump and Env Disclosure via Spring Boot Actuator Spring boot actuator files/endpoints can be accessed via path like stripo.email/██████/actuator/, including a 110 MB heapdump file, which expose source code, private keys and some internal data! The maximum severity of this asset is medium, ...
GitHub Security Lab: CodeQL query to detect open Spring Boot actuator endpoints
This bug was reported directly to GitHub Security Lab...
LY Corporation: Spring Actuator endpoints publicly available and broken authentication
Due to insufficient access control, it was possible to access the Spring Boot Actuator endpoints /heapdump and /env. @kazan71p identified two highly sensitive applications leaking information through these endpoints. The LINE Security team shutdown the secondary endpoints just as it was discovere...
Spring Boot Actuator Command Execution Vulnerability
Actuators are one of the four main features proposed in Spring Boot to simplify Spring development. A command execution vulnerability exists in Spring Boot Actuator, which can be exploited by an attacker to execute arbitrary commands by constructing a malicious request...