Vulnerability Description
While reviewing SecurityConfig.java, I discovered an improper authorization vulnerability where sensitive and cost-incurring endpoints are exposed to the public internet without any authentication checks.
Specifically:
- Spring Boot Actuator Exposed: The path /actuator/** is configured with .permitAll(). This exposes the application's internal management endpoints.
- Unauthenticated AI Endpoints: Paths such as /ai/summarize, /ai/chat, and /ai/chat/ollama are also configured with .permitAll(). These endpoints interface with third-party LLM providers (e.g., OpenAI, Gemini), which charge per request/token.
I am participating in GSSoC '26 and would like to submit a Pull Request to fix this by restricting the /actuator/** endpoints to an ADMIN role and securing the /ai/** endpoints behind standard JWT authentication.
Impact
- Information Disclosure (Actuator): By leaving the actuator endpoints unprotected, an attacker can access /actuator/env to read sensitive environment variables (such as API keys and database credentials) or /actuator/heapdump to download memory dumps containing sensitive user session data.
- Denial of Wallet / Financial Loss (AI Endpoints): Because the AI endpoints are unauthenticated, a malicious actor can script a bot to send thousands of requests to the LLM APIs without needing a valid user account. This would quickly consume API quotas and result in massive, unexpected financial charges for the project maintainers.
Reproduction Steps
- Start the backend application locally.
- Open a terminal and run a simple curl command against the actuator environment endpoint without providing any Authorization headers:
curl -X GET http://localhost:8080/actuator/env
- Observe that the server returns the environment properties instead of a 401 Unauthorized response.
- Similarly, make a POST request to an AI endpoint without a token:
curl -X POST http://localhost:8080/ai/chat -H "Content-Type: application/json" -d '{"message": "Hello"}'
- Observe that the request is processed and sent to the LLM provider instead of being blocked.
Severity Level
Critical
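
The fix proposed above, sketched as an added example (this is not the project's SecurityConfig.java or the reporter's PR). It assumes Spring Security 6.x with the OAuth2 resource-server starter and a JwtDecoder configured through spring.security.oauth2.resourceserver.jwt.*; the package, class name, and the "roles" claim name are hypothetical.

```java
package example.security; // hypothetical package

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class HardenedSecurityConfig { // hypothetical class name

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth
                // Reported state: both of these patterns ended in .permitAll().
                .requestMatchers("/actuator/**").hasRole("ADMIN")
                .requestMatchers("/ai/**").authenticated()
                // Assumption: stands in for the project's remaining rules,
                // which the report does not show.
                .anyRequest().authenticated())
            // Bearer tokens only: no server-side session to fall back on.
            .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .oauth2ResourceServer(rs -> rs.jwt(jwt -> jwt.jwtAuthenticationConverter(jwtRoles())));
        return http.build();
    }

    // hasRole("ADMIN") checks for the authority ROLE_ADMIN. The default converter
    // only produces SCOPE_* authorities, so map an assumed "roles" claim to ROLE_*.
    private JwtAuthenticationConverter jwtRoles() {
        JwtGrantedAuthoritiesConverter roles = new JwtGrantedAuthoritiesConverter();
        roles.setAuthoritiesClaimName("roles"); // assumed claim name
        roles.setAuthorityPrefix("ROLE_");
        JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
        converter.setJwtGrantedAuthoritiesConverter(roles);
        return converter;
    }
}
```

With this chain, the two curl commands from the reproduction steps receive 401 Unauthorized, and a valid token without the ADMIN role receives 403 Forbidden on /actuator/**.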