漏洞描述
Actuator是Spring Boot提供的服务监控和管理中间件。 Spring Boot <1.5默认配置下,所有端点都可以无权限访问,如果使用Spring Cloud相关组件,通过env和refresh端点发送请求修改spring.cloud.bootstrap.location环境变量,使用yaml逆序执行任意代码,获取服务器权限。
SpringBoot Actuator SnakeYAML 远程命令执行
PoC代码
暂无相关漏洞推荐
- springboot-actuator-unauth: Springboot Actuator Unauth
- POC CVE-2021-21234: Spring Boot Actuator Logview Directory Traversal
- POC CVE-2025-34026: Versa Concerto Actuator Endpoint - Authentication Bypass
- POC CVE-2021-21234: Spring Boot Actuator Logview Directory Traversal
- POC hikvision-env: Hikvision Springboot Env Actuator - Detect
- POC springboot-autoconfig: Detect Springboot autoconfig Actuator
- POC springboot-beans: Detect Springboot Beans Actuator
- POC springboot-caches: Springboot Actuator Caches
- POC springboot-conditions: Detect Springboot Conditions Actuator
- POC springboot-configprops: Detect Springboot Configprops Actuator
- POC springboot-dump: Detect Springboot Dump Actuator
- POC springboot-env: Springboot Env Actuator - Detect
- POC springboot-features: Detects Springboot Features Actuator