Findings

Data exposure detected

Updated: June 19, 2025

Description

Severity: Several

An exposed resource has been discovered.

Sensitive information or data has been potentially exposed to unauthorized access or unintended parties. This could occur due to various reasons such as misconfigured permissions, insecure storage practices, or vulnerabilities in the system or application handling the data.

Example Attack

Unsecured APIs: Attackers might exploit poorly secured APIs that expose sensitive data due to insufficient authentication or authorization controls. They could access endpoints meant for administrative or privileged users, gaining access to sensitive information stored or transmitted via these APIs.

Remediation

Verify that the exposure is intentional or take steps to secure access to the resource.

Security Frameworks

APIs tend to expose more endpoints than traditional web applications, making proper and updated documentation highly important. A proper inventory of hosts and deployed API versions is also important for mitigating issues such as deprecated API versions and exposed debug endpoints.

APIs tend to expose more endpoints than traditional web applications, making proper and updated documentation highly important. A proper inventory of hosts and deployed API versions also plays an important role in mitigating issues such as deprecated API versions and exposed debug endpoints.
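
One way to put the inventory advice above into practice, as an added example that is not part of the original page: compare the traffic a gateway actually served against the documented inventory, and flag live deprecated versions, undocumented or debug routes, and protected routes served anonymously. The inventory layout, log format, host names and debug-path heuristic are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed inventory (assumption): (host, version) -> lifecycle status and
# documented routes, each mapped to whether it requires authentication.
INVENTORY = {
    ("api.example.test", "v2"): {"status": "current",
                                 "routes": {"/users": True, "/health": False}},
    ("api.example.test", "v1"): {"status": "deprecated",
                                 "routes": {"/users": True}},
}
# Heuristic markers for debug routes (assumption; tune per stack).
DEBUG_HINTS = re.compile(r"/(debug|internal|metrics)(/|$)")
# Constructed gateway log: host method path status authenticated
SAMPLE_LOG = """\
api.example.test GET /v2/users 200 yes
api.example.test GET /v2/health 200 no
api.example.test GET /v1/users 200 yes
api.example.test GET /v2/debug/vars 200 no
api.example.test GET /v2/users 200 no
old.example.test GET /v1/export 200 no
api.example.test GET /v2/orders 401 no
"""
LINE = re.compile(r"^(\S+) (\S+) /(v\d+)(/\S*) (\d{3}) (yes|no)$")

def audit(log_text, inventory=INVENTORY):
    findings = defaultdict(set)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m or not m.group(5).startswith("2"):
            continue  # unparsable line, or the request was not served
        host, _method, version, route, _status, authed = m.groups()
        endpoint = f"{host}/{version}{route}"
        entry = inventory.get((host, version))
        if entry is None:
            findings["unknown_host_or_version"].add(endpoint)
        else:
            if entry["status"] == "deprecated":
                findings["deprecated_version_live"].add(endpoint)
            if route not in entry["routes"]:
                findings["undocumented_route"].add(endpoint)
            elif entry["routes"][route] and authed == "no":
                findings["served_without_required_auth"].add(endpoint)
        if DEBUG_HINTS.search(route):
            findings["debug_endpoint_exposed"].add(endpoint)
    return {kind: sorted(paths) for kind, paths in findings.items()}

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```

Each flagged endpoint is then either recorded in the inventory as an intentional exposure or has its access secured, which is the decision the Remediation section asks for.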
