Sensitive Information Disclosure

# Summary

In the latest version 6.0.0, all microservices' Spring Actuator interfaces have no access control whatsoever, allowing any user to access and obtain various configurations, environment variables, and other sensitive information of the corresponding services.

---

# POC
```
http://localhost:{port}/actuator

such as:
http://localhost:9900/actuator
http://localhost:7200/actuator
```

<img width="2884" height="618" alt="Image" src="https://github.com/user-attachments/assets/3399b9a3-0a6c-49dd-b80b-379a23b24bc1" />

<img width="2904" height="624" alt="Image" src="https://github.com/user-attachments/assets/309af1fe-63ea-4fce-992c-efc3b06be030" />

<img width="2908" height="572" alt="Image" src="https://github.com/user-attachments/assets/cb8fb135-b751-4167-ac00-1df998ccdfd3" />

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Sensitive Information Disclosure #79

Summary

POC

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Sensitive Information Disclosure #79

Description

Summary

POC

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions