Sensitive Info Disclosure ( unauthenticated Spring Boot Admin & actuator)

# Summary

The latest version (v3.3.4) of xboot allows unauthenticated access to both Spring Boot Admin and Spring Actuator, resulting in the exposure of extensive server configuration information and environment variables.

# POC

```
http://127.0.0.1:8888/xboot/admin/wallboard
http://127.0.0.1:8888/xboot/actuator

```

<img width="1280" height="1119" alt="Image" src="https://github.com/user-attachments/assets/59701abc-e911-4fa3-9f1e-69bfda5f6ac1" />

<img width="2812" height="496" alt="Image" src="https://github.com/user-attachments/assets/7a2404b8-34ec-4774-8bc9-8cdb69de70a6" />

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Sensitive Info Disclosure ( unauthenticated Spring Boot Admin & actuator) #72

Summary

POC

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Sensitive Info Disclosure ( unauthenticated Spring Boot Admin & actuator) #72

Description

Summary

POC

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions