Skip to main content

Steeltoe Management Endpointbase

1 CVEs product

Monthly

CVE-2026-50201 NuGet MEDIUM PATCH GHSA This Month

Sensitive actuator endpoints in Steeltoe.Management.Endpoint and Steeltoe.Management.EndpointCore expose heap dumps, environment variables, and thread dumps to low-trust Cloud Foundry roles (Space Auditors) due to incorrect default permission levels. Affected versions inherit the base class default of EndpointPermissions.Restricted - which maps to CF's read_basic_data scope - rather than overriding to EndpointPermissions.Full (read_sensitive_data), the permission level Spring Boot's equivalent integration correctly enforces. No public exploit code or KEV listing exists at time of analysis; however, the CVSS PR:L rating reflects that any valid CF credential with Space Auditor privileges is sufficient to reach the affected endpoints.

Privilege Escalation Java Steeltoe Management Endpoint Steeltoe Management Endpointbase
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Sensitive actuator endpoints in Steeltoe.Management.Endpoint and Steeltoe.Management.EndpointCore expose heap dumps, environment variables, and thread dumps to low-trust Cloud Foundry roles (Space Auditors) due to incorrect default permission levels. Affected versions inherit the base class default of EndpointPermissions.Restricted - which maps to CF's read_basic_data scope - rather than overriding to EndpointPermissions.Full (read_sensitive_data), the permission level Spring Boot's equivalent integration correctly enforces. No public exploit code or KEV listing exists at time of analysis; however, the CVSS PR:L rating reflects that any valid CF credential with Space Auditor privileges is sufficient to reach the affected endpoints.

Privilege Escalation Java Steeltoe Management Endpoint +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy