11 matches found
Linux Distros Unpatched Vulnerability : CVE-2023-20860
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismat...
Keycloak 访问控制错误漏洞
Keycloak is an open source identity and access management solution from Keycloak Open Source. Keycloak suffers from an access control error vulnerability that stems from a user-organization domain pattern mismatch in the organization function. An attacker exploiting this vulnerability could be...
Security Bulletin: VMware Tanzu Spring Framework is vulnerable to CVE-2023-20860 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses VMware Tanzu Spring Framework which is vulnerable to CVE-2023-20860. IBM has addressed this vulnerability. Vulnerability Details CVEID:CVE-2023-20860 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote attacker to bypass...
GHSA-3H6F-G5F3-GC4W Access Control Bypass in Spring Security
Using "" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass...
CVE-2023-34034
Using "" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass...
Security feature bypass
Using "" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass...
PT-2023-3578 · Spring · Spring Webflux
Name of the Vulnerable Software and Affected Versions: Spring WebFlux versions affected versions not specified Description: Using "" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a...
CVE-2023-20860
Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...
CVE-2023-20860
Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...
UBUNTU-CVE-2023-20860
Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...
CVE-2023-20860
Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...