PT-2023-22505 · Unknown · Spring-Boot-Actuator-Logview
Published: 2023-05-11 · Updated: 2025-01-27 · CVE-2023-29986
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
spring-boot-actuator-logview version 0.2.13
Description
The issue allows Directory Traversal to sibling directories via the LogViewEndpoint.view endpoint. This enables access to files outside the intended directory, potentially leading to sensitive information disclosure.
Recommendations
For spring-boot-actuator-logview version 0.2.13, consider disabling the LogViewEndpoint.view endpoint until a patch is available to prevent Directory Traversal attacks. Restrict access to sensitive files and directories to minimize the risk of exploitation.
Fix
Path traversal
Affected Products
Spring-Boot-Actuator-Logview