Skip to main content

Steeltoe Management Endpoint

3 CVEs product

Monthly

CVE-2026-50201 NuGet MEDIUM PATCH GHSA This Month

Sensitive actuator endpoints in Steeltoe.Management.Endpoint and Steeltoe.Management.EndpointCore expose heap dumps, environment variables, and thread dumps to low-trust Cloud Foundry roles (Space Auditors) due to incorrect default permission levels. Affected versions inherit the base class default of EndpointPermissions.Restricted - which maps to CF's read_basic_data scope - rather than overriding to EndpointPermissions.Full (read_sensitive_data), the permission level Spring Boot's equivalent integration correctly enforces. No public exploit code or KEV listing exists at time of analysis; however, the CVSS PR:L rating reflects that any valid CF credential with Space Auditor privileges is sufficient to reach the affected endpoints.

Privilege Escalation Java Steeltoe Management Endpoint Steeltoe Management Endpointbase
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-50200 NuGet HIGH PATCH GHSA This Week

Sensitive credential disclosure in Steeltoe.Management.Endpoint before 4.2.0 and Steeltoe.Management.EndpointCore before 3.4.0 allows remote attackers to retrieve plaintext database connection strings, embedded passwords, and URI userinfo segments via the `/actuator/env` endpoint. The Sanitizer's default key-suffix list omits the standard .NET `ConnectionStrings:<name>` pattern and the Steeltoe Connectors' `Steeltoe:Client:<type>:Default:ConnectionString` pattern, and performs no value-based scrubbing. No public exploit identified at time of analysis, but the fix and test cases are committed in public GitHub history, making the vulnerable behavior easy to reproduce.

Information Disclosure Steeltoe Management Endpoint Steeltoe Management Endpointcore
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-50194 NuGet HIGH PATCH GHSA This Week

Improper authentication in Steeltoe management endpoints versions 3.2.2 through 3.3.0 and 4.1.0 allows remote unauthenticated attackers to reach actuator endpoints intended to be isolated on a separate management port by spoofing the HTTP Host header. The middleware trusted the client-supplied Host header port instead of the actual TCP socket port, defeating port-based access restrictions and enabling information disclosure from sensitive actuator endpoints. No public exploit identified at time of analysis, though the fix commit and a regression test demonstrating Host-header spoofing are publicly available on GitHub.

Information Disclosure Steeltoe Management Endpoint Steeltoe Management Endpointcore
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.2%
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Sensitive actuator endpoints in Steeltoe.Management.Endpoint and Steeltoe.Management.EndpointCore expose heap dumps, environment variables, and thread dumps to low-trust Cloud Foundry roles (Space Auditors) due to incorrect default permission levels. Affected versions inherit the base class default of EndpointPermissions.Restricted - which maps to CF's read_basic_data scope - rather than overriding to EndpointPermissions.Full (read_sensitive_data), the permission level Spring Boot's equivalent integration correctly enforces. No public exploit code or KEV listing exists at time of analysis; however, the CVSS PR:L rating reflects that any valid CF credential with Space Auditor privileges is sufficient to reach the affected endpoints.

Privilege Escalation Java Steeltoe Management Endpoint +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Sensitive credential disclosure in Steeltoe.Management.Endpoint before 4.2.0 and Steeltoe.Management.EndpointCore before 3.4.0 allows remote attackers to retrieve plaintext database connection strings, embedded passwords, and URI userinfo segments via the `/actuator/env` endpoint. The Sanitizer's default key-suffix list omits the standard .NET `ConnectionStrings:<name>` pattern and the Steeltoe Connectors' `Steeltoe:Client:<type>:Default:ConnectionString` pattern, and performs no value-based scrubbing. No public exploit identified at time of analysis, but the fix and test cases are committed in public GitHub history, making the vulnerable behavior easy to reproduce.

Information Disclosure Steeltoe Management Endpoint Steeltoe Management Endpointcore
NVD GitHub VulDB
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Improper authentication in Steeltoe management endpoints versions 3.2.2 through 3.3.0 and 4.1.0 allows remote unauthenticated attackers to reach actuator endpoints intended to be isolated on a separate management port by spoofing the HTTP Host header. The middleware trusted the client-supplied Host header port instead of the actual TCP socket port, defeating port-based access restrictions and enabling information disclosure from sensitive actuator endpoints. No public exploit identified at time of analysis, though the fix commit and a regression test demonstrating Host-header spoofing are publicly available on GitHub.

Information Disclosure Steeltoe Management Endpoint Steeltoe Management Endpointcore
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy