Lucene search
K

100 matches found

vulnersOsv
vulnersOsv
added 2023/04/20 9:33 p.m.4 views

cc.vihackerframework:vihacker-auth-starter (=1.0.8.R), cc.vihackerframework:vihacker-common-starter (=1.0.8.R) +786 more potentially affected by CVE-2023-20873 via org.springframework.boot:spring-boot-actuator-autoconfigure (>=3.0.0 <=3.0.5)

org.springframework.boot:spring-boot-actuator-autoconfigure MAVEN version =3.0.0, =3.0.1.0, =3.0.1.0, =3.0.1.0, =3.0.4.0 and more Source cves: CVE-2023-20873 Source advisory: OSV:GHSA-G5H3-W546-PJ7F...

9.8CVSS7.2AI score0.01122EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2023/04/20 9:33 p.m.6 views

ai.foremast.metrics:foremast-spring-boot-k8s-metrics-starter (>=0.1.2 <=0.2.0), ai.hyacinth.framework:core-service-admin-server (>=0.5.0 <=0.5.24) +5083 more potentially affected by CVE-2023-20873 via org.springframework.boot:spring-boot-actuator-autoconfigure (>=2.0.0.RELEASE <=2.5.14)

org.springframework.boot:spring-boot-actuator-autoconfigure MAVEN version =2.0.0.RELEASE, =0.1.2, =0.5.0, =0.5.21, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.24 and more Source cves: CVE-2023-20873 Source advisory: OSV:GHSA-G5H3-W5...

9.8CVSS7.2AI score0.01122EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2023/04/20 9:33 p.m.5 views

ai.ylyue:yue-library-base (=j11.2.6.2), ai.ylyue:yue-library-data-es (=j11.2.6.2) +829 more potentially affected by CVE-2023-20873 via org.springframework.boot:spring-boot-actuator-autoconfigure (>=2.6.0 <=2.6.14)

org.springframework.boot:spring-boot-actuator-autoconfigure MAVEN version =2.6.0, =3.1.305, =3.1.305, =3.1.305, =3.1.305, =3.1.305, =3.1.305, =3.1.0, =1.1.2, =1.1.4 - cn.kduck:kduck-security =1.1.2 - cn.kduck:kduck-security-principal =1.1.2 and more Source cves: CVE-2023-20873 Source advisory:...

9.8CVSS7.2AI score0.01122EPSS
Exploits0
Spring Security Advisories
Spring Security Advisories
added 2023/04/18 12:0 a.m.8 views

This Week in Spring - April 18th, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! This week, I just returned from Western Europe for Devoxx FR Paris and Kotlin Conf Amsterdam. I went home, saw my family, did some laundry, and then turned right back around to head to Chicago, Illinois, for a special joint...

6.6AI score
Exploits0
OSV
OSV
added 2022/09/30 3:15 p.m.3 views

CVE-2022-23726

PingCentral versions prior to listed versions expose Spring Boot actuator endpoints that with administrative authentication return large amounts of sensitive environmental and application information...

4.9CVSS5.8AI score0.0056EPSS
Exploits0References2
NVD
NVD
added 2022/09/30 3:15 p.m.23 views

CVE-2022-23726

PingCentral versions prior to listed versions expose Spring Boot actuator endpoints that with administrative authentication return large amounts of sensitive environmental and application information...

5.4CVSS0.0056EPSS
Exploits0References2
Prion
Prion
added 2022/09/30 3:15 p.m.13 views

Information disclosure

PingCentral versions prior to listed versions expose Spring Boot actuator endpoints that with administrative authentication return large amounts of sensitive environmental and application information...

3.3CVSS5.3AI score0.0056EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/09/30 2:35 p.m.7 views

CVE-2022-23726

PingCentral versions prior to listed versions expose Spring Boot actuator endpoints that with administrative authentication return large amounts of sensitive environmental and application information...

5.4CVSS5.7AI score0.0056EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/03/24 12:0 a.m.11 views

Spring Boot Actuator Detected

This is an informational notice that the scanner was able to detect an accessible Spring Actuator. Actuator endpoints let you monitor and interact with your application. Spring Boot includes a number of built-in endpoints and lets you add your own. For example, the 'health' endpoint provides basi...

7.2AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2022/03/24 12:0 a.m.23 views

Spring Boot Actuator Logview < 0.2.13 Directory Traversal

Spring Boot Actuator Logview is a library that adds a simple logfile viewer as Spring Boot Actuator endpoint. In Spring Boot Actuator Logview before version 0.2.13 there is a directory traversal vulnerability. The nature of this library is to expose a log file directory via admin Spring Boot...

7.7CVSS7.2AI score0.21173EPSS
Exploits2References3
Veracode
Veracode
added 2021/10/29 11:10 a.m.23 views

Security Restriction Bypass

spring-boot-actuator is vulnerable to security restriction bypass. Lack of secure handling of HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping causes the exposure of those resources and request mapping, leading to...

5.3CVSS1.4AI score0.00746EPSS
Exploits0References4Affected Software2
OSV
OSV
added 2021/01/05 6:15 p.m.23 views

CVE-2021-21234

spring-boot-actuator-logview in a library that adds a simple logfile viewer as spring boot actuator endpoint. It is maven package "eu.hinsch:spring-boot-actuator-logview". In spring-boot-actuator-logview before version 0.2.13 there is a directory traversal vulnerability. The nature of this librar...

7.7CVSS6.8AI score
Exploits0References4
NVD
NVD
added 2021/01/05 6:15 p.m.34 views

CVE-2021-21234

spring-boot-actuator-logview in a library that adds a simple logfile viewer as spring boot actuator endpoint. It is maven package "eu.hinsch:spring-boot-actuator-logview". In spring-boot-actuator-logview before version 0.2.13 there is a directory traversal vulnerability. The nature of this librar...

7.7CVSS7.4AI score0.21173EPSS
Exploits2References4
Prion
Prion
added 2021/01/05 6:15 p.m.25 views

Directory traversal

spring-boot-actuator-logview in a library that adds a simple logfile viewer as spring boot actuator endpoint. It is maven package "eu.hinsch:spring-boot-actuator-logview". In spring-boot-actuator-logview before version 0.2.13 there is a directory traversal vulnerability. The nature of this librar...

4CVSS7.2AI score0.21173EPSS
Exploits2References4Affected Software1
Cvelist
Cvelist
added 2021/01/05 5:30 p.m.33 views

CVE-2021-21234 Directory Traversal

spring-boot-actuator-logview in a library that adds a simple logfile viewer as spring boot actuator endpoint. It is maven package "eu.hinsch:spring-boot-actuator-logview". In spring-boot-actuator-logview before version 0.2.13 there is a directory traversal vulnerability. The nature of this librar...

7.7CVSS7.6AI score0.21173EPSS
Exploits2References4
Github Security Blog
Github Security Blog
added 2021/01/05 5:29 p.m.69 views

Directory Traversal in spring-boot-actuator-logview

Impact The nature of this library is to expose a log file directory via admin spring boot actuator HTTP endpoints. Both the filename to view and a base folder relative to the logging folder root can be specified via request parameters. While the filename parameter was checked to prevent directory...

7.7CVSS0.6AI score0.21173EPSS
Exploits2References6Affected Software1
Hacker One
Hacker One
added 2020/10/26 9:23 p.m.20 views

Stripo Inc: Memory Dump and Env Disclosure via Spring Boot Actuator

Memory Dump and Env Disclosure via Spring Boot Actuator Spring boot actuator files/endpoints can be accessed via path like stripo.email/██████/actuator/, including a 110 MB heapdump file, which expose source code, private keys and some internal data! The maximum severity of this asset is medium, ...

1.9AI score
Exploits0
Hacker One
Hacker One
added 2020/06/04 8:41 p.m.215 views

GitHub Security Lab: CodeQL query to detect open Spring Boot actuator endpoints

This bug was reported directly to GitHub Security Lab...

1.4AI score
Exploits0
Hacker One
Hacker One
added 2020/04/04 5:14 a.m.28 views

LY Corporation: Spring Actuator endpoints publicly available and broken authentication

Due to insufficient access control, it was possible to access the Spring Boot Actuator endpoints /heapdump and /env. @kazan71p identified two highly sensitive applications leaking information through these endpoints. The LINE Security team shutdown the secondary endpoints just as it was discovere...

6.9AI score
Exploits0
CNVD
CNVD
added 2019/04/16 12:0 a.m.1 views

Spring Boot Actuator Command Execution Vulnerability

Actuators are one of the four main features proposed in Spring Boot to simplify Spring development. A command execution vulnerability exists in Spring Boot Actuator, which can be exploited by an attacker to execute arbitrary commands by constructing a malicious request...

7.8AI score
Exploits0References1
Rows per page
Query Builder