CVE-2024-22234
A vulnerability was found in Spring Security. This issue may lead to Broken Access Control, allowing a malicious user to impact the Confidentiality and Integrity of an application or server. This requires the application to use AuthenticationTrustResolver.isFullyAuthenticated(Authentication) direct...
GHSA-W3W6-26F2-P474 Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated
In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticated(Authentication) method. Specifically, an application is vulnerable if: The applicatio...
app.valuationcontrol:library (>=0.5.2 <=0.5.5), app.valuationcontrol:webservice (>=0.5.0 <=0.5.1) +1168 more potentially affected by CVE-2024-22234 via org.springframework.security:spring-security-core (>=6.2.0 <=6.2.1)
org.springframework.security:spring-security-core MAVEN version =6.2.0, =0.5.2, =0.5.0, =7.0.0, =v1.0.26, =1.0.18, =1.0.2, =1.0.2, =1.0.11, =3.2.0.0, =3.2.0.0, =3.2.0.0, =3.2.0.0, =3.2.0.0, =3.2.2.2 and more Source cves: CVE-2024-22234 Source advisory: OSV:GHSA-W3W6-26F2-P474...
be.personify.iam:personify-frontend (>=1.5.1.RELEASE <=1.5.2.RELEASE), br.com.m4rc310:br-com-m4rc310-gql (=1.0.58) +1292 more potentially affected by CVE-2024-22234 via org.springframework.security:spring-security-core (>=6.1.0 <=6.1.6)
org.springframework.security:spring-security-core MAVEN version =6.1.0, =1.5.1.RELEASE, =1.1.4.2, =0.15.0, =0.15.0, =0.15.0, =1.0.3, =1.0.12, =1.0.3, =1.0.0, =1.0.0, =1.0.20 and more Source cves: CVE-2024-22234 Source advisory: OSV:GHSA-W3W6-26F2-P474...
Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated
In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticated(Authentication) method. Specifically, an application is vulnerable if: The applicatio...
CVE-2024-22234
In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticated(Authentication) method. Specifically, an application is vulnerable if: The applicatio...
Improper access control
In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticated(Authentication) method. Specifically, an application is vulnerable if: The applicatio...
CVE-2024-22234 CVE-2024-22234: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated
In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticated(Authentication) method. Specifically, an application is vulnerable if: The applicatio...
CVE-2024-22234
CVE-2024-22234 (Spring Security) Affected: Spring Security 6.1.x prior to 6.1.7 and 6.2.x prior to 6.2.2. Vulnerability: Broken access control when an application directly calls AuthenticationTrustResolver.isFullyAuthenticated(Authentication) with a null parameter, which can erroneously return tru...
This Week in Spring - February 20th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! How are you this fine 20th of February, 2024? I'm doing alright on this rainy 20th of February here in San Francisco, and I hope you are too! We've got a ton of things to get into this week so let's dive right into it! Have y...
VMware Spring Security security vulnerability
Spring Security is a security framework that provides a declarative security access control solution for Spring-based enterprise applications. It provides a set of beans that can be configured in the Spring application context, taking full advantage of the Spring IoC, DI Control Inversion...
PT-2024-1840 · Unknown · Spring Security
Name of the Vulnerable Software and Affected Versions: Spring Security versions 6.1.x through 6.1.6 Spring Security versions 6.2.x through 6.2.1 Description: The issue is related to broken access control in Spring Security when the AuthenticationTrustResolver.isFullyAuthenticated(Authentication)...
Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities
Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to VMware Tanzu Spring Boot arbitrary denial of service vulnerability (CVE-2023-34055)
Summary Potential VMware Tanzu Spring Boot arbitrary denial of service vulnerability CVE-2023-34055 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details...
This Week in Spring - February 14th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! Friends, tomorrow is Valentine's day, and I love Spring. So, it's a very exciting thing indeed to be able to share this week's jam-packed roundup. Let's dive right into it! Spring Tools 4.21.1 is now available In the latest...
Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in VMware Tanzu Spring Framework [CVE-2023-20861, CVE-2023-20860]
Summary Multiple vulnerabilities in VMware Tanzu Spring Framework used by InfoSphere Information Server were addressed. CVE-2023-20861, CVE-2023-20860 Vulnerability Details CVEID:CVE-2023-20861 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service. By sending a specially...
Important: Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 4.0.3 release security update
Red Hat Integration Camel for Spring Boot 4.0.3 release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...
Moderate: Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 3.20.5 release and security update
Red Hat Integration Camel for Spring Boot 3.20.5 release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...