Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
These documents detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1f5e22fb471616734f8cdfb11ea2f3e966cdef9db80d9d5bd
Public Swagger UI/API detected at path: /api/swagger.json - sample paths:
DELETE /api/app/{app_id}/version/{version_id}/symbols/{id}
GET /api/app
GET /api/app/{app_id}/device/{device_id}
GET /api/app/{id}/devices
GET /api/app/{id}/issues/download
GET /api/app/{id}/logs/download
GET /api/app/{id}/logs/paginated
GET /api/app/{id}/versions
GET /auth/authorize
POST /api/app/{app_id}/version/{id}/symbols
POST /api/app/{id}/device/{uid}/erase
POST /api/upload-symbols
POST /auth/token
Open service 174.138.119.203:443 · kmw.us.bugfender.com
2026-02-12 08:36
HTTP/1.1 401 Unauthorized
Content-Length: 29
Content-Type: text/plain; charset=utf-8
Date: Thu, 12 Feb 2026 08:36:34 GMT
X-Content-Type-Options: nosniff
Connection: close

Unauthorized - Missing token