Lucene search

CVE-2023-22602

🗓️ 14 Jan 2023 10:09:15Reported by [email protected]Type

Apache Shiro and Spring Boot authentication bypass CVE-2023-2260

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 15
Cvelist	CVE-2023-22602 Apache Shiro before 1.11.0, when used with Spring Boot 2.6+, may allow authentication bypass through a specially crafted HTTP request	14 Jan 202309:33	–	cvelist
Prion	Authentication flaw	14 Jan 202310:15	–	prion
IBM Security Bulletins	Security Bulletin: Vulnerability in Apache Shiro affects IBM WebSphere Service Registry and Repository	7 Mar 202411:42	–	ibm
OSV	CVE-2023-22602	14 Jan 202310:15	–	osv
OSV	Apache Shiro Interpretation Conflict vulnerability	14 Jan 202312:30	–	osv
Vulnrichment	CVE-2023-22602 Apache Shiro before 1.11.0, when used with Spring Boot 2.6+, may allow authentication bypass through a specially crafted HTTP request	14 Jan 202309:33	–	vulnrichment
RedhatCVE	CVE-2023-22602	27 Mar 202321:35	–	redhatcve
UbuntuCve	CVE-2023-22602	14 Jan 202300:00	–	ubuntucve
Debian CVE	CVE-2023-22602	14 Jan 202310:15	–	debiancve
Github Security Blog	Apache Shiro Interpretation Conflict vulnerability	14 Jan 202312:30	–	github

Nvd

Node

apache shiroRange<1.11.0

AND

vmware spring_bootMatch2.6.0+

Source	Link
security	www.security.netapp.com/advisory/ntap-20230302-0001/
lists	www.lists.apache.org/thread/dzj0k2smpzzgj6g666hrbrgsrlf9yhkl

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

14 Jan 2023 10:15Current

7.7High risk

Vulners AI Score7.7

CVSS37.5

EPSS0.00107

CWE-436