Restrict Spring Boot actuator web exposure to non-sensitive endpoints

#Metadata

Rule ID: java.security.spring-actuator-sensitive-exposure
Severity: high
Confidence: 0.8
Languages: java
Presets: security, strict
Stability: experimental
Applies to: file
Tags: actuator, java, rules-catalog, security, spring-boot

#Why it matters

Over-exposed actuators leak configuration, secrets material, and JVM internals that attackers can use to pivot or crash the service.

#Remediation

Replace wildcards with explicit endpoint lists, move sensitive endpoints off public networks, and pair exposure with Spring Security rules or management port isolation.

#Repository path

The generated metadata points to critiq-rules/libs/rules/catalog/rules/java/java.security.spring-actuator-sensitive-exposure.rule.yaml.

Back to directory Open rule in repository

Search docs

#Metadata

#Why it matters

#Remediation

#Repository path