Skip to main content

Steeltoe Management Endpointcore

2 CVEs product

Monthly

CVE-2026-50200 NuGet HIGH PATCH GHSA This Week

Sensitive credential disclosure in Steeltoe.Management.Endpoint before 4.2.0 and Steeltoe.Management.EndpointCore before 3.4.0 allows remote attackers to retrieve plaintext database connection strings, embedded passwords, and URI userinfo segments via the `/actuator/env` endpoint. The Sanitizer's default key-suffix list omits the standard .NET `ConnectionStrings:<name>` pattern and the Steeltoe Connectors' `Steeltoe:Client:<type>:Default:ConnectionString` pattern, and performs no value-based scrubbing. No public exploit identified at time of analysis, but the fix and test cases are committed in public GitHub history, making the vulnerable behavior easy to reproduce.

Information Disclosure Steeltoe Management Endpoint Steeltoe Management Endpointcore
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-50194 NuGet HIGH PATCH GHSA This Week

Improper authentication in Steeltoe management endpoints versions 3.2.2 through 3.3.0 and 4.1.0 allows remote unauthenticated attackers to reach actuator endpoints intended to be isolated on a separate management port by spoofing the HTTP Host header. The middleware trusted the client-supplied Host header port instead of the actual TCP socket port, defeating port-based access restrictions and enabling information disclosure from sensitive actuator endpoints. No public exploit identified at time of analysis, though the fix commit and a regression test demonstrating Host-header spoofing are publicly available on GitHub.

Information Disclosure Steeltoe Management Endpoint Steeltoe Management Endpointcore
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.2%
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Sensitive credential disclosure in Steeltoe.Management.Endpoint before 4.2.0 and Steeltoe.Management.EndpointCore before 3.4.0 allows remote attackers to retrieve plaintext database connection strings, embedded passwords, and URI userinfo segments via the `/actuator/env` endpoint. The Sanitizer's default key-suffix list omits the standard .NET `ConnectionStrings:<name>` pattern and the Steeltoe Connectors' `Steeltoe:Client:<type>:Default:ConnectionString` pattern, and performs no value-based scrubbing. No public exploit identified at time of analysis, but the fix and test cases are committed in public GitHub history, making the vulnerable behavior easy to reproduce.

Information Disclosure Steeltoe Management Endpoint Steeltoe Management Endpointcore
NVD GitHub VulDB
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Improper authentication in Steeltoe management endpoints versions 3.2.2 through 3.3.0 and 4.1.0 allows remote unauthenticated attackers to reach actuator endpoints intended to be isolated on a separate management port by spoofing the HTTP Host header. The middleware trusted the client-supplied Host header port instead of the actual TCP socket port, defeating port-based access restrictions and enabling information disclosure from sensitive actuator endpoints. No public exploit identified at time of analysis, though the fix commit and a regression test demonstrating Host-header spoofing are publicly available on GitHub.

Information Disclosure Steeltoe Management Endpoint Steeltoe Management Endpointcore
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy