Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
The documentation details every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1aad035491d5bc99c39ae7b74e49b83b229c81b9b6ffd5007
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /accounts
GET /accounts/movements/{AccountMovementId}
GET /accounts/{AccountId}
GET /accounts/{AccountId}/movements
GET /debts/creditor/{CreditorId}
GET /debts/debtor/{DebtorId}
GET /debts/movements/{debtMovementId}
GET /debts/settlements/{SettlementId}
GET /debts/{DebtId}
GET /debts/{DebtId}/movements
GET /debts/{DebtorId}
GET /info
GET /movement
GET /movement-types
GET /movement-types/{MovementTypeId}
GET /paymentmovement/debt/{debtId}
GET /paymentmovement/payment/{paymentId}
GET /payments
GET /payments/chart-info
GET /payments/pending-imputation
GET /payments/{PaymentId}
GET /system-movements
GET /system-movements/{SystemMovementId}
POST /accounts/movements
POST /debts
POST /debts/movements
POST /debts/{debtId}/adjustment
POST /debts/{debtId}/forgiveness
POST /debts/{debtId}/rollback
POST /payments/{paymentId}/adjustment
POST /payments/{paymentId}/rollback-creation
POST /payments/{paymentId}/rollback-imputations