Summary
The health_check JSON-RPC method returns total, pending, completed, and failed request counts plus uptime (src/methods/health_check.rs).
Risk
On a publicly reachable deployment, this is a low-severity information leak useful for reconnaissance (activity levels, failure rates) and capacity planning by competitors or attackers.
Suggested mitigations
- Require the same authentication as other methods, or bind health to a separate admin port.
- Return coarse-grained status only for authenticated callers.
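One way the mitigations above could be combined, as an added sketch that is not the project's own code: unauthenticated callers on the public listener are rejected like any other method, authenticated callers get only a coarse status, and the raw counters are served only on a separate admin listener. The `Stats`, `Origin` and `HealthError` types, the 10% failure threshold and the JSON shapes are assumptions made for illustration.

```rust
// Added example: all names, thresholds and JSON shapes are assumptions.
#[derive(Clone, Copy)]
pub struct Stats { pub total: u64, pub pending: u64, pub completed: u64, pub failed: u64, pub uptime_secs: u64 }

#[derive(Clone, Copy)]
pub enum Origin {
    /// Public JSON-RPC listener; `authenticated` is the result of the same check other methods use.
    Public { authenticated: bool },
    /// Separate admin listener bound to a non-public interface.
    Admin,
}

#[derive(Debug, PartialEq)]
pub enum HealthError { Unauthorized }

/// Collapse the counters into a label so activity levels and failure rates are not disclosed.
fn coarse_status(s: &Stats) -> &'static str {
    let finished = s.completed.saturating_add(s.failed);
    // Assumed threshold: "degraded" when more than 10% of finished requests failed.
    if finished > 0 && s.failed.saturating_mul(10) > finished { "degraded" } else { "ok" }
}

pub fn health_check(s: &Stats, origin: Origin) -> Result<String, HealthError> {
    match origin {
        // Same treatment as every other method: no credentials, no answer.
        Origin::Public { authenticated: false } => Err(HealthError::Unauthorized),
        // Authenticated public callers see the label only, never the counters.
        Origin::Public { authenticated: true } => Ok(format!(r#"{{"status":"{}"}}"#, coarse_status(s))),
        // Full detail is reachable only through the admin listener.
        Origin::Admin => Ok(format!(
            r#"{{"status":"{}","total":{},"pending":{},"completed":{},"failed":{},"uptime_secs":{}}}"#,
            coarse_status(s), s.total, s.pending, s.completed, s.failed, s.uptime_secs)),
    }
}

fn main() {
    // Constructed sample counters.
    let s = Stats { total: 120, pending: 5, completed: 95, failed: 20, uptime_secs: 86_400 };
    for o in [Origin::Public { authenticated: false }, Origin::Public { authenticated: true }, Origin::Admin] {
        println!("{:?}", health_check(&s, o));
    }
}
```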
References
src/methods/health_check.rs
src/rpc.rs (method registration)