1124 matches found
GHSA-F3JH-QVM4-MG39 Erroneous authentication pass in Spring Security
In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8, versions 6.2.x prior to 6.2.3, an application is possible vulnerable to broken access control when it directly uses the AuthenticatedVotervote passing a null...
CVE-2024-22257
In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8, versions 6.2.x prior to 6.2.3, an application is possible vulnerable to broken access control when it directly uses the AuthenticatedVotervote passing a null...
CVE-2024-22257
In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8, versions 6.2.x prior to 6.2.3, an application is possible vulnerable to broken access control when it directly uses the AuthenticatedVotervote passing a null...
CVE-2024-22257
In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8, versions 6.2.x prior to 6.2.3, an application is possible vulnerable to broken access control when it directly uses the AuthenticatedVotervote passing a null...
CVE-2024-22257
CVE-2024-22257 refers to a broken access control in Spring Security where an application vulnerable if it directly uses AuthenticatedVoter.vote with a null Authentication. The entry lists affected versions: 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, 6.0.x prior to 6.0.9, 6.1.x prior to 6.1.8, ...
VMware Spring Security Security Vulnerability
VMware Spring Security is a suite of security frameworks from VMware that provide illustrative security for Spring-based applications. A security vulnerability exists in VMware Spring Security versions 6.2.0 through 6.2.2, 6.1.0 through 6.1.7, 6.0.0 through 6.0.9, 5.8.0 through 5.8.10, and 5.7.0...
Spring Boot Testjars founder Rob Winch
Hi, Spring fans! In this week's installment we talk Rob Winch, lead of Spring Security and founder of the exciting new project Spring Boot Testjars...
PT-2024-2215 · Atlassian +1 · Bamboo Data Center/Server +6
Name of the Vulnerable Software and Affected Versions: Spring Security versions 5.7.x prior to 5.7.12 Spring Security versions 5.8.x prior to 5.8.11 Spring Security versions 6.0.x prior to 6.0.9 Spring Security versions 6.1.x prior to 6.1.8 Spring Security versions 6.2.x prior to 6.2.3 Bitbucket...
This Week in Spring - February 27th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring wherein we explore the latest-and-greatest in the wonderful world of Springdom. This week's going to be a very good one, so let's dive right into it! good news everyone! Spring Boot's been updated! 3.3.0-M2, 3.2.3, and 3.1.9 a...
Access Control Error Vulnerability in Spring Security
Spring Security is a Spring-based enterprise applications can provide a declarative security access control solution for the security framework . It provides a set of beans that can be configured in the Spring application context , taking full advantage of the Spring IoC, DI Control Inversion...
CVE-2024-22234
A vulnerability was found in Spring Security. This issue may lead to Broken Access Control, allowing a malicious user to impact the Confidentiality and Integrity of an application or server. This requires the application to use AuthenticationTrustResolver.isFullyAuthenticatedAuthentication direct...
GHSA-W3W6-26F2-P474 Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated
In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticatedAuthentication method. Specifically, an application is vulnerable if: The applicatio...
app.valuationcontrol:library (>=0.5.2 <=0.5.5), app.valuationcontrol:webservice (>=0.5.0 <=0.5.1) +1168 more potentially affected by CVE-2024-22234 via org.springframework.security:spring-security-core (>=6.2.0 <=6.2.1)
org.springframework.security:spring-security-core MAVEN version =6.2.0, =0.5.2, =0.5.0, =7.0.0, =v1.0.26, =1.0.18, =1.0.2, =1.0.2, =1.0.11, =3.2.0.0, =3.2.0.0, =3.2.0.0, =3.2.0.0, =3.2.0.0, =3.2.2.2 and more Source cves: CVE-2024-22234 Source advisory: OSV:GHSA-W3W6-26F2-P474...
be.personify.iam:personify-frontend (>=1.5.1.RELEASE <=1.5.2.RELEASE), br.com.m4rc310:br-com-m4rc310-gql (=1.0.58) +1292 more potentially affected by CVE-2024-22234 via org.springframework.security:spring-security-core (>=6.1.0 <=6.1.6)
org.springframework.security:spring-security-core MAVEN version =6.1.0, =1.5.1.RELEASE, =1.1.4.2, =0.15.0, =0.15.0, =0.15.0, =1.0.3, =1.0.12, =1.0.3, =1.0.0, =1.0.0, =1.0.20 and more Source cves: CVE-2024-22234 Source advisory: OSV:GHSA-W3W6-26F2-P474...
Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated
In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticatedAuthentication method. Specifically, an application is vulnerable if: The applicatio...
CVE-2024-22234
In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticatedAuthentication method. Specifically, an application is vulnerable if: The applicatio...
CVE-2024-22234
In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticatedAuthentication method. Specifically, an application is vulnerable if: The applicatio...
Improper access control
In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticatedAuthentication method. Specifically, an application is vulnerable if: The applicatio...
CVE-2024-22234 CVE-2024-22234: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated
In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticatedAuthentication method. Specifically, an application is vulnerable if: The applicatio...
CVE-2024-22234 CVE-2024-22234: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated
In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticatedAuthentication method. Specifically, an application is vulnerable if: The applicatio...