actuator revealing server information #9990

@ridea-co

Steps to Reproduce

  1. Create a new Grails project (grails create-app --profile=web actuator)
  2. gradle bootRun

Behaviour

navigate to http://localhost:8080/env
navigate to http://localhost:8080/dump
navigate to http://localhost:8080/trace

Sensitive information is shown (including db username, cookie id, etc.), which leads to a security issue.

Environment Information

  • Grails Version: 3.1.8
  • JDK Version: 1.8.0_51
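
A check for the exposure reported above, as an added example that is not part of the original issue or of the Grails project's code: it requests the three paths from the report without credentials and classifies each response, so it can run as a regression check against your own deployment. The function names and the status-to-verdict mapping are assumptions made for this example.

```python
"""Check whether the actuator paths from the report answer without credentials."""
import urllib.error
import urllib.request

# Paths taken from the issue report.
ACTUATOR_PATHS = ("/env", "/dump", "/trace")


def fetch_status(url, timeout=5):
    """Unauthenticated GET; returns (status, content_type) or (None, '') if unreachable."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Content-Type", "")
    except urllib.error.HTTPError as err:  # 4xx/5xx still carry a status code
        return err.code, err.headers.get("Content-Type", "")
    except (urllib.error.URLError, OSError):
        return None, ""


def classify(status, content_type):
    """Map a response to a verdict (assumed mapping, adjust to your setup)."""
    if status is None:
        return "unreachable"
    if status == 200 and "json" in content_type.lower():
        return "exposed"      # endpoint data served to an anonymous client
    if status in (401, 403):
        return "protected"    # endpoint enabled but access-controlled
    if status == 404:
        return "disabled"     # endpoint not mapped
    return "review"           # e.g. HTML login page after a redirect


def audit(base_url, fetch=fetch_status):
    """Return {path: verdict} for every actuator path under base_url."""
    base = base_url.rstrip("/")
    return {path: classify(*fetch(base + path)) for path in ACTUATOR_PATHS}


def exposed_paths(report):
    return sorted(path for path, verdict in report.items() if verdict == "exposed")


if __name__ == "__main__":
    import sys
    report = audit(sys.argv[1] if len(sys.argv) > 1 else "http://localhost:8080")
    for path, verdict in report.items():
        print(f"{path:8} {verdict}")
    sys.exit(1 if exposed_paths(report) else 0)  # non-zero exit fails a CI job
```

Run it against a test instance after changing the endpoint configuration; the exit code is non-zero while any of the three paths still serves data anonymously.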
