Steeltoe.Management.Endpoint versions prior to 4.2.0 and Steeltoe.Management.EndpointCore versions prior to 3.4.0 have a vulnerability where all actuator endpoints default to EndpointPermissions.Restricted, which corresponds to Cloud Foundry's read_basic_data permission. Sensitive endpoints like heap dump, environment, and thread dump do not enforce the stricter read_sensitive_data permission, unlike Spring Boot's Cloud Foundry integration. This improper privilege management (CWE-269, CWE-285) allows users with lower-trust roles such as Space Auditors to access sensitive diagnostic data. The vulnerability is addressed by increasing the required permissions for these endpoints to EndpointPermissions.Full in the fixed versions. Alternative mitigations include configuring the permissions explicitly or limiting the actuators registered in production environments.

Users with roles granted only read_basic_data permissions (e.g., Space Auditors) can access sensitive actuator endpoints that expose heap dumps, environment variables, and thread dumps. This exposure can lead to unauthorized disclosure of sensitive application and system information. The vulnerability does not affect integrity or availability but impacts confidentiality. There are no known exploits in the wild at this time.

A fix is available in Steeltoe.Management.Endpoint version 4.2.0 and Steeltoe.Management.EndpointCore version 3.4.0. Users should upgrade to these versions to resolve the issue. If immediate upgrading is not possible, explicitly set RequiredPermissions = EndpointPermissions.Full in the options for HeapDumpEndpointOptions, EnvironmentEndpointOptions, and ThreadDumpEndpointOptions. Additionally, consider registering only necessary actuators individually instead of using AddAllActuators() to avoid exposing sensitive endpoints unnecessarily.