Lucene search
GitHub Advisory DatabaseGHSA-9GP8-6CG8-7H34HistoryFeb 06, 2024 - 12:30 a.m.
Spring Security's spring-security.xsd file is world writable
2024-02-0600:30:25
CWE-732
GitHub Advisory Database
github.com
6
spring security
spring-security.xsd
world-writable
incorrect permission assignment
critical resource
exploit
update
latest version
The spring-security.xsd file inside the spring-security-config jar is world writable which means that if it were extracted it could be written by anyone with access to the file system.
While there are no known exploits, this is an example of “CWE-732: Incorrect Permission Assignment for Critical Resource” and could result in an exploit. Users should update to the latest version of Spring Security to mitigate any future exploits found around this issue.
Related
cvelist
cvelist
CVE-2023-34042
2024-02-05 22:00:01
ibm
ibm
Security Bulletin: IBM Spectrum Conductor with spring-security-config is vulnerable to Incorrect Permission Assignment for Critical Resource
2024-04-17 16:35:05
cve
cve
CVE-2023-34042
2024-02-05 22:15:55
veracode
veracode
Incorrect File Permission
2024-02-07 07:52:57
redhatcve
redhatcve
CVE-2023-34042
2024-02-06 05:30:49
osv
osv
Spring Security's spring-security.xsd file is world writable
2024-02-06 00:30:25
CVE-2023-34042
2024-02-05 22:15:55
prion
prion
Design/Logic Flaw
2024-02-05 22:15:00