bonus
/
devicesmgt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

SpringBootActuator接口未授权多环境漏洞修复

This commit is contained in:
mashuai 2024-05-22 16:21:10 +08:00
parent 4ce7ad39fd
commit 8e09caf346
4 changed files with 20 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
sgzb-auth/src/main/resources/bootstrap.yml
View File

@ -42,3 +42,9 @@ getPersonDetailData: /lbcloud-user/api/user/queryById
registerPhone: /lbcloud-user/api/user/registrationByPhone registerPhone: /lbcloud-user/api/user/registrationByPhone
userBindUrl: /lbcloud-authority/api/RoleClient/bindDefaultSystemRole userBindUrl: /lbcloud-authority/api/RoleClient/bindDefaultSystemRole
verifyPhoneCode: /lbcloud-mbroker/api/broker/simpleVerificationCode verifyPhoneCode: /lbcloud-mbroker/api/broker/simpleVerificationCode
# 禁用Actuator端点的未经身份验证的访问
management:
endpoint:
env:
enabled: false

1
sgzb-common/sgzb-common-core/pom.xml
View File

@ -63,6 +63,7 @@
<dependency> <dependency>
<groupId>com.fasterxml.jackson.core</groupId> <groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId> <artifactId>jackson-databind</artifactId>
<version>2.13.5</version>
</dependency> </dependency>
<!-- Alibaba Fastjson --> <!-- Alibaba Fastjson -->

6
sgzb-modules/sgzb-base/src/main/resources/bootstrap.yml
View File

@ -32,3 +32,9 @@ spring:
# 共享配置 # 共享配置
shared-configs: shared-configs:
- application-${spring.profiles.active}.${spring.cloud.nacos.config.file-extension} - application-${spring.profiles.active}.${spring.cloud.nacos.config.file-extension}
# 禁用Actuator端点的未经身份验证的访问
management:
endpoint:
env:
enabled: false

6
sgzb-modules/sgzb-system/src/main/resources/bootstrap.yml
View File

@ -67,6 +67,12 @@ tencent:
# API密钥 # API密钥
secretkey: OXUgeMo0yhBRTGo6sVu3yiFX4rQtAzc3 secretkey: OXUgeMo0yhBRTGo6sVu3yiFX4rQtAzc3
# 禁用Actuator端点的未经身份验证的访问
management:
endpoint:
env:
enabled: false