漏洞描述
Actuator是Spring Boot提供的服务监控和管理中间件,默认配置会出现接口未授权访问,导致敏感信息泄露,部分接口还会泄露网站流量信息和内存信息等
SpringBoot Actuator env 端点敏感信息泄露
PoC代码
暂无相关漏洞推荐
- springboot-actuator-unauth: Springboot Actuator Unauth
- POC CVE-2021-21234: Spring Boot Actuator Logview Directory Traversal
- POC CVE-2025-34026: Versa Concerto Actuator Endpoint - Authentication Bypass
- POC CVE-2021-21234: Spring Boot Actuator Logview Directory Traversal
- POC hikvision-env: Hikvision Springboot Env Actuator - Detect
- POC springboot-autoconfig: Detect Springboot autoconfig Actuator
- POC springboot-beans: Detect Springboot Beans Actuator
- POC springboot-caches: Springboot Actuator Caches
- POC springboot-conditions: Detect Springboot Conditions Actuator
- POC springboot-configprops: Detect Springboot Configprops Actuator
- POC springboot-dump: Detect Springboot Dump Actuator
- POC springboot-env: Springboot Env Actuator - Detect
- POC springboot-features: Detects Springboot Features Actuator