
Exposed Dangerous Method or Function ('Encapsulation') [VID:1] #4

@veracode-workflow-app-preprod

Description

https://github.com/GitHub-workflow-APP/Spring-Petclinic/blob/0032cd06428534a3e660b4205b43d37f3d0b89ab/BOOT-INF/classes/application.properties#L12-L22

Filename: application.properties

Line: 17

CWE: 749 (Exposed Dangerous Method or Function ('Encapsulation'))

The application contains dangerous administrative functionality which is enabled via the management.endpoints.web.exposure.include configuration property. An attacker could use the exposed methods to perform sensitive operations on the application and leverage it to execute sophisticated attacks. These can amount to Denial-of-Service or tampering with application run-time behavior. Ensure that any administrative features or sensitive operations are not enabled in production if they are not needed. Set it to a value that prevents unauthorized access, or put other mitigating controls in place (e.g. network firewall rules) to prevent access by unauthorized parties. Ensure that proper authentication and authorization controls are in place for any required sensitive operations.

References: CWE

Don't know how to fix this? Don't know why this was reported?
Get Assistance from Veracode

Metadata


Assignees

No one assigned

    Labels

    Veracode Policy Scan: A Veracode Flaw found during a Policy or Sandbox Scan
    VeracodeFlaw: High: A Veracode Flaw, High severity
