Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
The documentation details every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d60f68287ca1fc03a962f828e6ad68017a376b9d625
Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths:
DELETE /api/BusinessPartnerAccount/{id}
DELETE /api/Facility/{id}
DELETE /api/MaterialType/{id}
GET /account/SignIn
GET /account/SignOut
GET /account/me/identity
GET /account/ping
GET /api/BusinessPartnerAccount
GET /api/BusinessPartnerAccount/actions/Company/Search/{queryString}
GET /api/BusinessPartnerAccount/actions/Search/{queryString}
GET /api/CostCenter/GetCostCenters
GET /api/CostCenter/SearchCostCenter/{numberSearchString}
GET /api/CostCenter/getCostCenter/{number}
GET /api/Facility
GET /api/Facility/getFacilityOwnerList/{id}
GET /api/Facility/getFacilityOwnersHistoryLog
GET /api/Geolocation
GET /api/Geolocation/actions/get/unlinked
GET /api/Geolocation/actions/search/{name}
GET /api/Geolocation/actions/validate
GET /api/Geolocation/actions/{id}/validate
GET /api/Geolocation/{id}
GET /api/GeolocationTypes
GET /api/HsrmCategory
GET /api/Material/actions/GetMaterialsByCostCenter
GET /api/Material/actions/GetMaterialsByTacticalPlan
GET /api/MaterialPass
GET /api/MaterialType
GET /api/PersonInformation/actions/DetailPersonInformation/{badgeNumber}
GET /api/PersonInformation/actions/FullTextSearch
GET /api/TacticalPlan
GET /api/TacticalPlan/detailed/history/{tacticalPlanActionId}
GET /api/TacticalPlan/get-attachments-total-count
GET /api/TacticalPlan/history/{tacticalPlanId}
GET /api/TacticalPlanFile/{id}
GET /api/TacticalPlanInformationTab
GET /api/TacticalPlanPersonTab
GET /api/TacticalPlanProjectTab
GET /api/Vendor/actions/Search/{companySearchString}
GET /api/Vendor/{companyFullName}
GET /app/info
POST /api/Facility/actions/add/owners
POST /api/Geolocation/getGeolocationsByTypes
POST /api/TacticalPlanFile/Upload
PUT /api/TacticalPlan/delete-tsp