Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1b885ff431818dff1ab714ac2ab714ac2ab714ac2ab714ac2
Public Swagger UI/API detected at path: /swagger.json - sample paths:
GET /v1/{portal}/{entity}/details/{course_id}
GET /v1/{portal}/{entity}/{type}/{region}
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1b885ff431818dff1ab714ac2ab714ac2ab714ac2ab714ac2
Public Swagger UI/API detected at path: /swagger.json - sample paths:
GET /v1/{portal}/{entity}/details/{course_id}
GET /v1/{portal}/{entity}/{type}/{region}