Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Improvement] Unauthorized access to Spring Boot Actuator #4171

Open
2 of 3 tasks
cncaizheng opened this issue Jan 15, 2025 · 1 comment
Open
2 of 3 tasks

[Improvement] Unauthorized access to Spring Boot Actuator #4171

cncaizheng opened this issue Jan 15, 2025 · 1 comment

Comments

@cncaizheng
Copy link

Search before asking

  • I had searched in the issues and found no similar issues.

Java Version

JDK1.8

Scala Version

2.12.x

StreamPark Version

streampark2.1.4

Flink Version

Flink1.17.1

deploy mode

yarn-application

What happened

Spring Boot Actuator Unauthorized Access Vulnerability

Error Exception

Actor is a functional module provided by springboot for introspection and monitoring of application systems. With the help of Actor, developers can easily view and analyze certain monitoring indicators of the application system. In the case where the actuator is enabled, if relevant permission controls are not properly implemented, unauthorized users can access the default actuator endpoints to obtain monitoring information in the application system.

Screenshots

No response

Are you willing to submit PR?

  • Yes I am willing to submit a PR!(您是否要贡献这个PR?)

Code of Conduct
@cncaizheng cncaizheng changed the title [Improvement] Spring Boot Actuator [Improvement] Unauthorized access to Spring Boot Actuator Jan 15, 2025
@cncaizheng
Copy link
Author

Host scanned to port 10000 for unauthorized access vulnerability of Spring Boot Actuator

wolfboys added a commit that referenced this issue Jan 16, 2025
@wolfboys
[Improve] Unauthorized access to Spring Boot Actuator #4171
070e0c6
@wolfboys wolfboys mentioned this issue Jan 16, 2025
Merged
@wolfboys wolfboys marked this as a duplicate of #4170 Jan 17, 2025
wolfboys added a commit that referenced this issue Jan 17, 2025
@wolfboys
[Improve] Unauthorized access to Spring Boot Actuator #4171 (#4173)
9168dab
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@cncaizheng