By kannthu
The "Springboot Liquidbase API" module is designed to detect misconfigurations in Spring Boot applications that use Liquibase for managing database changes. Liquibase is an open-source library that provides a way to track, manage, and apply database schema changes. This module focuses on identifying potential vulnerabilities and exposures related to Liquibase endpoints.
This module has a low severity level, indicating that the detected issues may have limited impact or pose a lower risk to the application.
Author: ELSFA7110
The "Springboot Liquidbase API" module aims to identify potential misconfigurations or vulnerabilities in the Liquibase endpoints of Spring Boot applications. By detecting these issues, it helps developers and security professionals ensure the proper configuration and security of the Liquibase API, preventing unauthorized access or unintended exposure of sensitive information.
The "Springboot Liquidbase API" module works by sending HTTP requests to specific Liquibase endpoints and applying matching conditions to identify potential vulnerabilities or misconfigurations. It checks for the presence of specific keywords in the response body, headers, and the HTTP status code to determine if the Liquibase API is properly configured and secured.
For example, one of the HTTP requests sent by this module could be:
GET /liquibase
The module then applies the following matching conditions:
- The response body must contain the keywords "liquibase" and "\"FILENAME\":\"".
- The response headers must include one of the following: "application/json", "application/vnd.spring-boot.actuator", "application/vnd.spring-boot.actuator.v1+json", or "application/vnd.spring-boot.actuator.v2+json".
- The HTTP status code must be 200.

If all the matching conditions are met, the module will report a potential vulnerability or misconfiguration related to the Liquibase API.
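The three conditions above can be replayed offline against a response captured from your own application, which shows which condition a hardened endpoint fails. This is an added example, not the module's own code: `Response`, `evaluate` and the sample responses are constructed for illustration, and plain substring matching (case-sensitive for the body, case-insensitive for headers) is an assumption about how the keywords are compared.

```python
from dataclasses import dataclass, field

# Keywords taken from the matching conditions listed above.
BODY_WORDS = ("liquibase", '"FILENAME":"')       # all must appear in the body
HEADER_WORDS = (                                  # any one must appear in the headers
    "application/json",
    "application/vnd.spring-boot.actuator",
    "application/vnd.spring-boot.actuator.v1+json",
    "application/vnd.spring-boot.actuator.v2+json",
)

@dataclass
class Response:
    """Minimal captured HTTP response (hypothetical helper type)."""
    status: int
    headers: dict = field(default_factory=dict)
    body: str = ""

def evaluate(resp):
    """Return each condition's result plus the overall verdict (all must hold)."""
    # Assumption: headers are matched case-insensitively as one text blob.
    header_blob = "\n".join(f"{k}: {v}" for k, v in resp.headers.items()).lower()
    result = {
        "body": all(word in resp.body for word in BODY_WORDS),
        "headers": any(word in header_blob for word in HEADER_WORDS),
        "status": resp.status == 200,
    }
    result["match"] = all(result.values())
    return result

# Constructed samples: an exposed endpoint, one behind authentication,
# and an unrelated HTML page that merely mentions the keywords.
EXPOSED = Response(
    200,
    {"Content-Type": "application/vnd.spring-boot.actuator.v2+json;charset=UTF-8"},
    '[{"name":"liquibase","changeLogs":[{"ID":"1","FILENAME":"db/changelog.xml"}]}]',
)
SECURED = Response(401, {"Content-Type": "application/json"}, '{"error":"Unauthorized"}')
HTML_PAGE = Response(200, {"Content-Type": "text/html"},
                     '<p>liquibase rows look like "FILENAME":"x"</p>')

if __name__ == "__main__":
    for name, resp in (("exposed", EXPOSED), ("secured", SECURED), ("html", HTML_PAGE)):
        print(name, evaluate(resp))
```

An endpoint that requires authentication fails the status and body conditions, and a page that only mentions the keywords fails the header condition, so neither is reported.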
For more information about Liquibase and its usage in Spring Boot applications, refer to the official Spring Boot documentation.
Metadata
verified: true