
Data leak through Spring Boot Actuator misconfiguration
In March 2021, a Volkswagen Group subsidiary suffered a significant data breach due to a misconfigured Spring Boot Actuator instance exposed to the public internet. The actuator endpoint allowed unauthenticated access to sensitive Java application data, including heap dumps and environment variables.



