6746 matches found
Design/Logic Flaw
Spring Boot Admin is an open source administrative user interface for the management of Spring Boot applications. All users who run Spring Boot Admin Server with Notifiers enabled (e.g. Teams-Notifier) and write access to environment variables via the UI are affected. Users are advised to upgrade to th...
GHSA-W3X5-427H-WFQ6 Spring Boot Admins integrated notifier support allows arbitrary code execution
Impact: All users who run Spring Boot Admin Server with Notifiers enabled (e.g. Teams-Notifier) and write access to environment variables via the UI are possibly affected. Patches: In the most recent releases of Spring Boot Admin, 2.6.10 and 2.7.8, the issue is fixed by implementing SimpleExecutionConte...
CVE-2022-46166 Spring Boot Admins integrated notifier support allows arbitrary code execution
Spring Boot Admin is an open source administrative user interface for the management of Spring Boot applications. All users who run Spring Boot Admin Server with Notifiers enabled (e.g. Teams-Notifier) and write access to environment variables via the UI are affected. Users are advised to upgrade to th...
CVE-2022-46166
The CVE affects Spring Boot Admin deployments where the Spring Boot Admin Server has Notifiers (e.g., Teams-Notifier) enabled and users have write access to environment variables via the UI. The root cause involves potential code execution via the /env actuator endpoint, enabling an attacker to inject or e...
spring-boot-admin code injection vulnerability
spring-boot-admin is an open source backend management system based on Spring Boot and MyBatis, with three functions (user management, menu management and role management) and permission control down to the button level. A code injection vulnerability exists in spring-boot-admin versions prior to 2.6.10 and...
PT-2022-27781 · Unknown · Spring-Boot-Admin
Name of the Vulnerable Software and Affected Versions: Spring Boot Admin versions prior to 2.6.10; Spring Boot Admin versions prior to 2.7.8. Description: The issue affects users who run Spring Boot Admin Server with Notifiers enabled and write access to environment variables via the UI. This allows fo...
Moderate: Red Hat Security Advisory: Red Hat Camel for Spring Boot 3.18.3 release and security update
A minor version update from 3.14.5 to 3.18.3 is now available for Camel for Spring Boot. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common...
A Bootiful Podcast: Vaadin's Marcus Hellberg on rich UIs, Spring Boot 3, GraalVM native images, and more
Hi, Spring fans! In this installment, Josh Long @starbuxman talks to Vaadin's Marcus Hellberg @marcushellberg about rich UIs, Vaadin Flow, the new Hilla Framework, GraalVM native image compilation, and so much more...
Do more with Azure Spring Apps – scale to zero and enhance productivity
In 2020, Spotify coined the term "Golden Path" to refer to a supported approach and set of components to build and deploy software. Having these paths simplifies the development process, lets developers focus on their applications instead of infrastructure and speeds time to production. Microsoft...
New Go-based Botnet Exploiting Dozens of IoT Vulnerabilities to Expand its Network
NOTE: In this blog, Zerobot refers to a botnet that spreads primarily through IoT and web application vulnerabilities. It is not associated with the chatbot ZeroBot.ai. A novel Go-based botnet called Zerobot has been observed in the wild proliferating by taking advantage of nearly two dozen...
CVE-2022-46687
Jenkins Spring Config Plugin 2.0.0 and earlier does not escape build display names shown on the Spring Config view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to change build display names...
PT-2022-27951 · Jenkins · Jenkins Spring Config Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Spring Config Plugin versions 2.0.0 and earlier. Description: The issue is a stored cross-site scripting (XSS) vulnerability. It occurs because build display names shown on the Spring Config view are not escaped, allowing attackers who c...
CVE-2022-46687
CVE-2022-46687 affects Jenkins Spring Config Plugin 2.0.0 and earlier. The vulnerability arises because build display names shown in the Spring Config view are not escaped, causing stored XSS when an attacker can modify those names. Affected versions: 2.0.0 and earlier. Mitigation: upgrade to 2.0...
This Week in Spring - December 6th, 2022
Hi, Spring fans! Welcome to another installment of This Week in Spring! How are you? You know what I've wanted to do? See my friends on the Spring team in person since the pandemic descended. And, I'm overjoyed to relate, I've just had the privilege of a nice meeting with several of them last night...
GHSA-W66J-XC7R-M2JV camel-ldap component allows LDAP Injection when using the filter option
The camel-ldap component allows LDAP Injection when using the filter option. Users are recommended to either move to the Camel-Spring-Ldap component which is not affected or upgrade to 3.14.6 or 3.18.4...