Steeltoe Management Endpointbase
Monthly
Sensitive actuator endpoints in Steeltoe.Management.Endpoint and Steeltoe.Management.EndpointCore expose heap dumps, environment variables, and thread dumps to low-trust Cloud Foundry roles (Space Auditors) due to incorrect default permission levels. Affected versions inherit the base class default of EndpointPermissions.Restricted - which maps to CF's read_basic_data scope - rather than overriding to EndpointPermissions.Full (read_sensitive_data), the permission level Spring Boot's equivalent integration correctly enforces. No public exploit code or KEV listing exists at time of analysis; however, the CVSS PR:L rating reflects that any valid CF credential with Space Auditor privileges is sufficient to reach the affected endpoints.
Sensitive actuator endpoints in Steeltoe.Management.Endpoint and Steeltoe.Management.EndpointCore expose heap dumps, environment variables, and thread dumps to low-trust Cloud Foundry roles (Space Auditors) due to incorrect default permission levels. Affected versions inherit the base class default of EndpointPermissions.Restricted - which maps to CF's read_basic_data scope - rather than overriding to EndpointPermissions.Full (read_sensitive_data), the permission level Spring Boot's equivalent integration correctly enforces. No public exploit code or KEV listing exists at time of analysis; however, the CVSS PR:L rating reflects that any valid CF credential with Space Auditor privileges is sufficient to reach the affected endpoints.