Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
The documentation details every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549c895363007ed29f76d04b3ebf10c5db48cbbc6be
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/v1/auth/check
GET /api/v1/auth/stsloginurl
GET /api/v1/auth/stslogouturl
GET /api/v1/dicts/scopes
GET /api/v1/permissiongroups
GET /api/v1/permissiongroups/{id}
GET /api/v1/permissions
GET /api/v1/permissions/{id}
GET /api/v1/system/healthtest
GET /api/v1/system/info
GET /api/v1/users
GET /api/v1/users/password/recoveryconfirm
GET /api/v1/users/{uid}
POST /api/v1/auth/refreshtokens
POST /api/v1/auth/tokens
POST /api/v1/users/activation
POST /api/v1/users/denyaccesstoall
POST /api/v1/users/password/recoveryrequest
POST /api/v1/users/registrationnew
POST /api/v1/users/{uid}/claims
PUT /api/v1/permissiongroups/{id}/permissions
PUT /api/v1/users/changeemail
PUT /api/v1/users/changemypassword
PUT /api/v1/users/changepassword
PUT /api/v1/users/confirmemail
PUT /api/v1/users/removeadmin
PUT /api/v1/users/setadmin
PUT /api/v1/users/setemailtwofaoff
PUT /api/v1/users/setemailtwofaon
PUT /api/v1/users/validatetoken
PUT /api/v1/users/{uid}/contacts
PUT /api/v1/users/{uid}/password
PUT /api/v1/users/{uid}/password/reset
PUT /api/v1/users/{uid}/permissiongroups
PUT /api/v1/users/{uid}/permissions
PUT /api/v1/users/{uid}/unblock