Domain tehtava.api.yle.fi
United States
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
First seen 2025-10-14 11:19
Last seen 2026-01-16 21:25
Open for 94 days-
Severity: info
Fingerprint: 5733ddf49ff49cd1b885ff4315e3782a2456098c3b4ae8113482557a516366bfPublic Swagger UI/API detected at path: /swagger.json - sample paths: DELETE /v1/answers/question/{question-uuid}.json GET /v1/answers/exam/{exam-id}.json GET /v1/answers/exam/{exam-id}/hengaillaan GET /v1/answers/participate GET /v1/answers/plastics/user.json GET /v1/answers/questions GET /v1/answers/series GET /v1/exams GET /v1/exams/answers/{uuid}.json GET /v1/exams/author/{author-id}.json GET /v1/exams/logs/{uuid}.json GET /v1/exams/stats.json GET /v1/exams/statsums.json GET /v1/exams/tags/{tags} GET /v1/exams/uuid/{uuid}.json GET /v1/exams/{id}.json GET /v1/ping GET /v1/public/averagescores.json GET /v1/public/exams GET /v1/public/exams.json GET /v1/public/leaderboard-hengaillaan/{uuid}.json GET /v1/public/leaderboard/{uuid}.json GET /v1/public/plastics/stats.json GET /v1/public/polls GET /v1/public/questions/carousel.json GET /v1/public/questions/search.json GET /v1/public/scores.json GET /v1/public/series GET /v1/public/stats.json GET /v1/public/statsums.json GET /v1/public/subjects.json GET /v1/public/tags.json GET /v1/public/tvstats.json GET /v1/questions/search.json GET /v1/questions/{quuid}/options/{oid}/answers.json GET /v1/questions/{quuid}/options/{oid}/stats.json GET /v1/series GET /v1/series/{uuid}.json GET /v1/tags/update POST /v1/answers/hengaillaan POST /v1/answers/plastics POST /v1/answers/question POST /v1/answers/umk POST /v1/ingest/answersFound on 2026-01-16 21:25
-