| عنوان | Halo 2.21.10 Exposure of Sensitive Information Due to Incompatible Policies |
|---|
| الوصف | In the Halo release version (currently the latest is 2.21.10), due to improper Spring actuator endpoint configurations that are also unnecessary for business operations, multiple sensitive endpoints (such as env, heapdump, logfile, etc.) are exposed, potentially resulting in the leakage of sensitive information. |
|---|
| المصدر | ⚠️ https://github.com/SECWG/cve/issues/9 |
|---|
| المستخدم | WenGui (UID 82184) |
|---|
| ارسال | 14/12/2025 02:38 PM (4 أشهر منذ) |
|---|
| الاعتدال | 27/12/2025 11:18 AM (13 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 338519 [Halo حتى 2.21.10 Configuration /actuator الكشف عن المعلومات] |
|---|
| النقاط | 18 |
|---|