1124 matches found

CVE · added 2023/04/19 12:0 a.m.

CVE-2023-20862

In CVE-2023-20862, the Spring Security logout flow fails to properly clean the security context when serialized contexts are used, and saving an empty security context to HttpSessionSecurityContextRepository is blocked. Affected versions are Spring Security 5.7.x prior to 5.7.8, 5.8.x prior to 5....

CVSS 6.3 · AI score 6.6 · EPSS 0.00461
Exploits 0 · References 2 · Affected Software 1
Positive Technologies · added 2023/04/18 12:0 a.m.

PT-2023-9021 · Spring · Spring Security

Name of the Vulnerable Software and Affected Versions: Spring Security versions 5.7.x through 5.7.7 Spring Security versions 5.8.x through 5.8.2 Spring Security versions 6.0.x through 6.0.2 Description: The issue is related to the logout support not properly cleaning the security context if using...

CVSS 10 · AI score 7 · EPSS 0.00461
Exploits 0 · References 10
RedHat Linux · added 2023/04/12 12:2 p.m.

spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client

A flaw was found in the Spring Security framework. Spring Security could allow a remote attacker to gain elevated privileges on the system. By modifying a request initiated by the Client via the browser to the Authorization Server, an attacker can gain elevated privileges on the system...

CVSS 8.1 · AI score 7.4 · EPSS 0.00313
Exploits 0 · References 5
RedHat Linux · added 2023/04/12 12:2 p.m.

spring-security: Authorization rules can be bypassed via forward or include dispatcher types in Spring Security

A flaw was found in the spring-security framework. Spring Security could allow a remote attacker to bypass security restrictions caused by an issue when using forward or include dispatcher types. By sending a specially-crafted request, an attacker can bypass authorization rules...

CVSS 9.8 · AI score 7.4 · EPSS 0.07387
Exploits 3 · References 5
Gitee · added 2023/04/07 4:5 p.m.

Exploit for Incorrect Authorization in Vmware Spring_Security

CVE-2022-22978 POC environment. CVE-2022-22978 Spring-Security bypass Demo. When RegexRequestMatcher is used in Spring Security and the matcher rule contains a regular expression with a dot, an attacker can bypass authentication by crafting a malicious packet. Affected scope: Spring Security 5.5.x http://localhost:8080/admin/index%0a Docker docker pull s0cke3t/cve-2022-22978:latest...

CVSS 9.8 · AI score 7.5 · EPSS 0.90224
Exploits 6
IBM Security Bulletins · added 2023/03/29 9:34 a.m.

Security Bulletin: There is a security vulnerability in Spring Security used by IBM Maximo Data Loader (CVE-2022-31692)

Summary There is a security vulnerability in Spring Security used by IBM Maximo Data Loader Vulnerability Details CVEID:CVE-2022-31692 DESCRIPTION: VMware Tanzu Spring Security could allow a remote attacker to bypass security restrictions, caused by a flaw when using forward or include dispatcher...

CVSS 9.8 · AI score 9.1 · EPSS 0.07387
Exploits 3 · Affected Software 1
Github Security Blog · added 2023/03/28 12:34 a.m.

Spring Framework is vulnerable to security bypass via mvcRequestMatcher pattern mismatch

Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...

CVSS 7.5 · AI score 7.3 · EPSS 0.56284
Exploits 1 · References 5 · Affected Software 2
OSV · added 2023/03/28 12:34 a.m.

GHSA-7PHW-CXX7-Q9VQ Spring Framework is vulnerable to security bypass via mvcRequestMatcher pattern mismatch

Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...

CVSS 9.1 · AI score 5.9 · EPSS 0.56284
Exploits 1 · References 5
NVD · added 2023/03/27 10:15 p.m.

CVE-2023-20860

Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...

CVSS 7.5 · AI score 7.5 · EPSS 0.56284
Exploits 1 · References 2
UbuntuCve · added 2023/03/27 10:15 p.m.

CVE-2023-20860

Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...

CVSS 7.5 · AI score 6.8 · EPSS 0.56284
Exploits 1 · References 2
OSV · added 2023/03/27 10:15 p.m.

UBUNTU-CVE-2023-20860

Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...

CVSS 7.5 · AI score 7.2 · EPSS 0.56284
Exploits 1 · References 3
Debian CVE · added 2023/03/27 12:0 a.m.

CVE-2023-20860

Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...

CVSS 7.5 · AI score 6.5 · EPSS 0.56284
Exploits 1
Cvelist · added 2023/03/27 12:0 a.m.

CVE-2023-20860

Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass...

AI score 7.8 · EPSS 0.56284
Exploits 1 · References 2
Positive Technologies · added 2023/03/20 12:0 a.m.

PT-2023-2259 · Spring +1 · Spring Mvc +3

Name of the Vulnerable Software and Affected Versions: Spring Framework versions 5.3.0 through 5.3.25 Spring Framework versions 6.0.0 through 6.0.6 Description: The issue is related to a mismatch in pattern matching between Spring Security and Spring MVC when using "" as a pattern in Spring...

CVSS 7.8 · AI score 6 · EPSS 0.56284
Exploits 1 · References 20
RedHat Linux · added 2023/03/16 9:31 a.m.

Important: Red Hat Security Advisory: Migration Toolkit for Runtimes security bug fix and enhancement update

Migration Toolkit for Runtimes 1.0.2 release Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

CVSS 9.8 · AI score 6.7 · EPSS 0.02686
Exploits 6 · References 4
RedHat Linux · added 2023/03/16 7:57 a.m.

spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client

A flaw was found in the Spring Security framework. Spring Security could allow a remote attacker to gain elevated privileges on the system. By modifying a request initiated by the Client via the browser to the Authorization Server, an attacker can gain elevated privileges on the system...

CVSS 8.1 · AI score 7.4 · EPSS 0.00313
Exploits 0 · References 5
IBM Security Bulletins · added 2023/03/13 4:46 p.m.

Security Bulletin: IBM Sterling B2B Integrator vulnerable to security bypass due to Spring Security (CVE-2022-31692, CVE-2022-22978)

Summary IBM Sterling B2B Integrator has addressed the security vulnerabilities in Spring Security Vulnerability Details CVEID:CVE-2022-31692 DESCRIPTION: VMware Tanzu Spring Security could allow a remote attacker to bypass security restrictions, caused by a flaw when using forward or include...

CVSS 9.8 · AI score 9.4 · EPSS 0.90224
Exploits 9 · Affected Software 1
GithubExploit · added 2023/03/01 6:21 a.m.

Exploit for Incorrect Authorization in Vmware Spring_Security

CVE 2022-22978: Authorization Bypass in RegexRequestMatcher...

CVSS 9.8 · AI score 7.6 · EPSS 0.90224
Exploits 6
F5 Networks · added 2023/02/21 6:59 p.m.

K10520421: Spring Security OAuth vulnerability CVE-2018-1260

Security Advisory Description Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the...

CVSS 9.8 · AI score 9.6 · EPSS 0.52285
Exploits 2
F5 Networks · added 2023/02/21 6:34 p.m.

K62444703: Multiple MySQL vulnerabilities CVE-2022-21455 and CVE-2022-21509

Security Advisory Description CVE-2022-21455 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: PAM Auth Plugin. Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...

CVSS 5.5 · AI score 5.5 · EPSS 0.00359
Exploits 0