Summary
Acunetix 360 detected that the Spring Boot web application is storing datasource credentials in plain text in the properties files via spring.datasource.password It's not recommended to store plain text passwords in configuration files.
Impact
An attacker that is able to read the properties files has access to all the credentials stored in this file and could use this information to conduct further attacks.
Actions To Take
It's recommended to encrypt the credentials using a library like Jasypt. By using Jasypt, you can provide encryption for the property sources and the application can decrypt the encrypted properties and retrieve the original values.