Skip to content

Commit

Permalink
Change message and severity of rule (#3061)
Browse files Browse the repository at this point in the history 
* change message to reflect severity level

* update severity

* change message a bit

---------

Co-authored-by: enno <14846866+enncoded@users.noreply.github.com>
  • Loading branch information
@colleend @enncoded
colleend and enncoded authored Aug 28, 2023
1 parent 4217b4b commit 7467eb1
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions java/spring/security/audit/spring-actuator-fully-enabled.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,8 @@ rules:
Spring Boot Actuator is fully enabled. This exposes sensitive endpoints such as /actuator/env, /actuator/logfile,
/actuator/heapdump and others.
Unless you have Spring Security enabled or another means to protect these endpoints, this functionality
is available without authentication, causing a severe security risk.
severity: WARNING
is available without authentication, causing a significant security risk.
severity: ERROR
languages: [generic]
paths:
include:
Expand Down

0 comments on commit 7467eb1

Please sign in to comment.