File tree Expand file tree Collapse file tree 1 file changed +8
-0
lines changed Expand file tree Collapse file tree 1 file changed +8
-0
lines changed Original file line number Diff line number Diff line change @@ -14,6 +14,14 @@ Custom critical resources can be exposed at the management port by implementing
1414` org.springframework.boot.actuate.endpoint.web.annotation.RestControllerEndpoint ` or
1515` org.springframework.boot.actuate.endpoint.web.annotation.ControllerEndpoint ` .
1616
17+ ## Risk: Root start
18+
19+ If the service is started with extended privileges as the root user, an attacker can more easily
20+ attack the operating system after taking over from the container.
21+
22+ The default configuration is capable to run as no root, listening to ports 8080 and 8081.
23+ Deployment checks must ensure, that the container is not configured with a root user.
24+
1725## Risk: Exploitation of HTTP methods
1826
1927The HTTP method ` TRACE ` is disabled by default to mitigate [ Cross Site Tracing] ( https://owasp.org/www-community/attacks/Cross_Site_Tracing ) .
You can’t perform that action at this time.
0 commit comments