GitHub-workflow-APP / Spring-Petclinic

Apache License 2.0

Exposed Dangerous Method or Function ('Encapsulation') [VID:2] #5

Open veracode-workflow-app-preprod[bot] opened 2 months ago

veracode-workflow-app-preprod[bot] commented 2 months ago

https://github.com/GitHub-workflow-APP/Spring-Petclinic/blob/0032cd06428534a3e660b4205b43d37f3d0b89ab/BOOT-INF/classes/application.properties#L12-L22

Filename: application.properties

Line: 17

CWE: 749 (Exposed Dangerous Method or Function ('Encapsulation'))

The application contains dangerous administrative functionality which is enabled via the management.endpoints.web.exposure.include configuration property. An attacker could use the exposed methods to perform sensitive operations on the application and leverage it to execute sophisticated attacks. These can amount to Denial-of-Service or tampering with application run-time behavior. Ensure that any administrative features or sensitive operations are not enabled in production if they are not needed. Set to a value that prevents unauthorized access or put other mitigating controls in place (e.g. network firewall rules) to prevent access by unauthorized parties. Ensure that proper authentication and authorization controls are in place for any required sensitive operations.

References: CWE

Don't know how to fix this? Don't know why this was reported?
Get Assistance from Veracode