This Confluence has been LDAP enabled, if you are an ASF Committer, please use your LDAP Credentials to login. Any problems file an INFRA jira ticket please.

Child pages
  • S2-043
Skip to end of metadata
Go to start of metadata


Using the Config Browser plugin in production

Who should read this

All Struts 2 developers and users

Impact of vulnerability

Usage of the Config Browser plugin in a production evnironment

Maximum security rating



Please read the Security guideline

Affected Software

Any Struts 2 version


Yelin from Venustech Inc.

CVE Identifier



Usage of the Config Browser in a production environment can lead to exposing vunerable information of the application


Please read our Security guideline and restrict access to the Config Browser or do not use in a production environment!

Backward compatibility

No backward incompatibility issues are expected.

  • No labels