
1267 matches found

Cvelist
added 2021/04/16 3:0 a.m. · 13 views

CVE-2021-26074

Broken Authentication in Atlassian Connect Spring Boot (ACSB) from version 1.1.0 before version 2.1.3: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Spring Boot app occurs with a...

6.6 AI score · 0.00258 EPSS
Exploits: 0 · References: 2

Vulnrichment
added 2021/04/16 3:0 a.m. · 7 views

CVE-2021-26074

Broken Authentication in Atlassian Connect Spring Boot (ACSB) from version 1.1.0 before version 2.1.3: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Spring Boot app occurs with a...

6.4 AI score · 0.00258 EPSS
Exploits: 0 · References: 2

CVE
added 2021/04/16 3:0 a.m. · 124 views

CVE-2021-26074

CVE-2021-26074 affects Atlassian Connect Spring Boot (ACSB) versions 1.1.0 through 2.1.2 (before 2.1.3). The root cause is that ACSB erroneously accepts context JWTs on lifecycle endpoints (e.g., installation) where only server-to-server JWTs should be accepted, enabling an attacker to send authe...

6.5 CVSS · 6.4 AI score · 0.00258 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2021/04/16 12:0 a.m. · 3 views

PT-2021-16941 · Atlassian · Connect Spring Boot

Name of the Vulnerable Software and Affected Versions: Atlassian Connect Spring Boot versions 1.1.0 through 2.1.2

Description: The issue concerns broken authentication in Atlassian Connect Spring Boot, a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassia...

6.5 CVSS · 7.3 AI score · 0.00258 EPSS
Exploits: 0 · References: 7

CNNVD
added 2021/04/15 12:0 a.m. · 3 views

Atlassian Connect Spring Boot Authorization Issue Vulnerability

Atlassian Connect Spring Boot is an application component from Atlassian Australia. A Spring Boot starter program is provided for building Atlassian Connect add-ons for JIRA Software, Service Desk and Core and Confluence. A security vulnerability exists in Atlassian Connect Spring Boot versions...

6.5 CVSS · 6.5 AI score · 0.00258 EPSS
Exploits: 0 · References: 3

CNVD
added 2021/03/10 12:0 a.m. · 4 views

Logic flaw vulnerability in oasys

oasys is an OA (office automation) system. It uses Maven for project management, is built on the Spring Boot framework, uses MySQL as the underlying database, the FreeMarker template engine on the front end, and Bootstrap as the front-end UI framework, and integrates JPA, MyBatis and other...

6.9 AI score
Exploits: 0

Gitee
added 2021/02/26 1:43 p.m. · 2 views

SpringBootVulExploit

This repository contains a collection of Spring Boot vulnerability exploit checklists, including information on how to exploit various vulnerabilities in Spring Boot applications. The repository includes several subdirectories, each containing a specific exploit: 1...

6.9 AI score
Exploits: 0

RedHat Linux
added 2021/02/02 10:25 a.m. · 113 views

Important: Red Hat Security Advisory: Red Hat support for Spring Boot 2.3.6 security update

An update is now available for Red Hat support for Spring Boot. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more...

7.5 CVSS · 7.2 AI score · 0.45121 EPSS
Exploits: 0 · References: 5

RedHat Linux
added 2021/01/07 11:49 a.m. · 61 views

Important: Red Hat Security Advisory: Red Hat support for Spring Boot 2.2.11 security update

An update is now available for Red Hat support for Spring Boot. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more...

7.5 CVSS · 7.2 AI score · 0.45121 EPSS
Exploits: 0 · References: 5

Veracode
added 2021/01/06 6:0 a.m. · 15 views

Directory Traversal

spring-boot-actuator-logview is vulnerable to directory traversal. The vulnerability exists through the base folder parameter exposed in the log file directory through admin HTTP endpoints...

7.7 CVSS · 1.1 AI score · 0.9402 EPSS
Exploits: 2 · References: 4 · Affected Software: 1

OSV
added 2021/01/05 6:15 p.m. · 17 views

CVE-2021-21234

spring-boot-actuator-logview is a library that adds a simple logfile viewer as a Spring Boot actuator endpoint. It is the Maven package "eu.hinsch:spring-boot-actuator-logview". In spring-boot-actuator-logview before version 0.2.13 there is a directory traversal vulnerability. The nature of this librar...

7.7 CVSS · 6.8 AI score
Exploits: 0 · References: 4

NVD
added 2021/01/05 6:15 p.m. · 16 views

CVE-2021-21234

spring-boot-actuator-logview is a library that adds a simple logfile viewer as a Spring Boot actuator endpoint. It is the Maven package "eu.hinsch:spring-boot-actuator-logview". In spring-boot-actuator-logview before version 0.2.13 there is a directory traversal vulnerability. The nature of this librar...

7.7 CVSS · 7.4 AI score · 0.9402 EPSS
Exploits: 2 · References: 4

Prion
added 2021/01/05 6:15 p.m. · 21 views

Directory traversal

spring-boot-actuator-logview is a library that adds a simple logfile viewer as a Spring Boot actuator endpoint. It is the Maven package "eu.hinsch:spring-boot-actuator-logview". In spring-boot-actuator-logview before version 0.2.13 there is a directory traversal vulnerability. The nature of this librar...

4 CVSS · 7.2 AI score · 0.9402 EPSS
Exploits: 2 · References: 4 · Affected Software: 1

Cvelist
added 2021/01/05 5:30 p.m. · 16 views

CVE-2021-21234 Directory Traversal

spring-boot-actuator-logview is a library that adds a simple logfile viewer as a Spring Boot actuator endpoint. It is the Maven package "eu.hinsch:spring-boot-actuator-logview". In spring-boot-actuator-logview before version 0.2.13 there is a directory traversal vulnerability. The nature of this librar...

7.7 CVSS · 7.6 AI score · 0.9402 EPSS
Exploits: 2 · References: 4

CVE
added 2021/01/05 5:30 p.m. · 124 views

CVE-2021-21234

CVE-2021-21234 affects the Spring Boot Actuator Logview library (eu.hinsch:spring-boot-actuator-logview). Before version 0.2.13, there is a directory traversal vulnerability exposed by the actuator logviewer endpoint, where both the filename parameter and the base directory can be manipulated (ba...

7.7 CVSS · 7.3 AI score · 0.9402 EPSS
In wild · Exploits: 2 · References: 4 · Affected Software: 1

Github Security Blog
added 2021/01/05 5:29 p.m. · 65 views

Directory Traversal in spring-boot-actuator-logview

Impact: The nature of this library is to expose a log file directory via admin spring boot actuator HTTP endpoints. Both the filename to view and a base folder relative to the logging folder root can be specified via request parameters. While the filename parameter was checked to prevent directory...

7.7 CVSS · 0.6 AI score · 0.9402 EPSS
Exploits: 2 · References: 6 · Affected Software: 1

CNNVD
added 2021/01/05 12:0 a.m. · 2 views

Lukashinsch Spring Boot Actuator Logview Path Traversal Vulnerability

Lukashinsch Spring Boot Actuator Logview is a codebase by the individual developer Ffay Lukashinsch that provides Spring Boot with the ability to view logs via a web interface. A path traversal vulnerability exists in spring-boot-actuator-logview versions prior to 0.2.13, which stems from the...

7.7 CVSS · 7.1 AI score · 0.9402 EPSS
Exploits: 2 · References: 5

CNVD
added 2020/11/26 12:0 a.m. · 1 views

Command Execution Vulnerability in Huaxia ERP (CNVD-2020-70782)

Huaxia ERP, based on the Spring Boot framework, aims to provide small and medium-sized enterprises with good open-source ERP software, currently focusing on sales and inventory plus financial functions. Huaxia ERP has a command execution vulnerability. Attackers can use this vulnerability to...

7.3 AI score
Exploits: 0

CNVD
added 2020/11/20 12:0 a.m. · 3 views

Unauthorized access and file upload vulnerabilities in Ruoyi's backend management system

The Ruoyi backend management system is a permissions management system with separated front end and back end, based on SpringBoot, Spring Security, JWT, and Vue & Element. It can be used for all web applications, such as website management backends, website member centers, CMS, CRM, OA and so on. If there ...

7.2 AI score
Exploits: 0

ThreatPost
added 2020/11/19 9:34 p.m. · 106 views

German COVID-19 Contact-Tracing Vulnerability Allowed RCE

A security vulnerability in the infrastructure underlying Germany’s official COVID-19 contact-tracing app, called the Corona-Warn-App (CWA), would have allowed pre-authenticated remote code execution (RCE). Researcher Alvaro Muñoz wrote in a report this week that he and his team at GitHub Security La...

7.8 AI score
Exploits: 0 · References: 9