Information disclosure

PingCentral versions prior to listed versions expose Spring Boot actuator endpoints that with administrative authentication return large amounts of sensitive environmental and application information...

CVE-2022-23726

PingCentral versions prior to listed versions expose Spring Boot actuator endpoints that with administrative authentication return large amounts of sensitive environmental and application information...

CVE-2022-23726

PingCentral contains an exposure where Spring Boot actuator endpoints are accessible with administrative authentication, leaking extensive environmental and application information. Affected: PingCentral versions prior to the listed versions. Root cause: actuator endpoints exposed due to access c...

CVE-2022-23726

PingCentral versions prior to listed versions expose Spring Boot actuator endpoints that with administrative authentication return large amounts of sensitive environmental and application information...

PT-2022-16230 · Unknown · Spring Boot +1

Name of the Vulnerable Software and Affected Versions: PingCentral versions prior to listed versions Description: The issue exposes Spring Boot actuator endpoints, which can return large amounts of sensitive environmental and application information when accessed with administrative authenticatio...

Ping Identity PingCentral 安全漏洞

Ping Identity PingCentral is a self-service delegation management software from Ping Identity, Inc. A security vulnerability exists in Ping Identity PingCentral that originates from exposing the Spring Boot executor endpoint to obtain a large amount of sensitive information...

cn.centychen:xxl-job-spring-boot-starter (>=1.0.0-RELEASE <=1.0.1-RELEASE), cn.db101:xxl-job-spring-boot-starter (=1.1.0) +52 more potentially affected by CVE-2022-40929 via com.xuxueli:xxl-job-core (>=1.8.2 <=2.2.0)

com.xuxueli:xxl-job-core MAVEN version =1.8.2, =1.0.0-RELEASE, =0.0.8-RELEASE, =0.0.8-RELEASE, =1.6.0, =1.0.1, =2.1.1-RELEASE, =6.1.0, =0.0.4, =1.5.13, =1.0.7, =1.0.8 and more Source cves: CVE-2022-40929 Source advisory: OSV:GHSA-M54F-RP6R-RRRM...

kkFileView 跨站脚本漏洞

Keking kkFileView is a Spring-Boot project from Keking Technology Keking, a Chinese company that builds online previews of files and documents. A security vulnerability exists in kkFileView v4.1.0, which stems from the errorMsg parameter being vulnerable to cross-site scripting...

Nepxion Discovery Remote Code Execution Vulnerability

Nepxion Discovery is an enhanced middleware for service registration discovery for Spring Cloud. Nepxion Discovery 6.16.2 and earlier versions are vulnerable to a remote code execution vulnerability that stems from a lack of validation of input data in Discovery-commons and is susceptible to SpEL...

Delete Passwords: Passwordless Connections for Spring Boot Apps to Azure Services

Using username/password credentials to access one application from another presents a huge security risk for many reasons. Today, we are announcing the preview of passwordless connections for Java applications to Azure database and eventing services, letting you finally shift away from using...

This Week in Spring - September 27th, 2022

Hi, Spring fans! Welcome to another installment of This Week in Spring! Its the last week of September, already! The years more done than not. The days are receding into darkness earlier. And the Pumpkin Spice Lattes are upon us. The darker and colder days are kind of a bummer, but Im stil excite...

Native Support in Spring Boot 3.0.0-M5

The Spring Team has been working on native image support for Spring Applications for quite some time. After 3+ years of incubation in the Spring Native experimental project with Spring Boot 2, native support is moving to General Availability with Spring Framework 6 and Spring Boot 3! Native image...

Nepxion Discovery vulnerable to potential Information Disclosure due to Server-Side Request Forgery

Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to a potential Server-Side Request Forgery SSRF. RouterResourceImpl uses RestTemplate’s getForEntity to retrieve the contents of a URL containing user-controlled input, potentially resulting in Information Disclosure. There...

GHSA-Q979-9M39-23MQ Nepxion Discovery vulnerable to SpEL Injection leading to Remote Code Execution

Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to SpEL Injection in discovery-commons. DiscoveryExpressionResolver’s eval method is evaluating expression with a StandardEvaluationContext, allowing the expression to reach and interact with Java classes such as...

GHSA-HHXH-QPHC-V423 Nepxion Discovery vulnerable to potential Information Disclosure due to Server-Side Request Forgery

Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to a potential Server-Side Request Forgery SSRF. RouterResourceImpl uses RestTemplate’s getForEntity to retrieve the contents of a URL containing user-controlled input, potentially resulting in Information Disclosure. There...

Nepxion Discovery vulnerable to SpEL Injection leading to Remote Code Execution

Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to SpEL Injection in discovery-commons. DiscoveryExpressionResolver’s eval method is evaluating expression with a StandardEvaluationContext, allowing the expression to reach and interact with Java classes such as...

CVE-2022-23464

Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to a potential Server-Side Request Forgery SSRF. RouterResourceImpl uses RestTemplate’s getForEntity to retrieve the contents of a URL containing user-controlled input, potentially resulting in Information Disclosure. There...

CVE-2022-23463

Nepxion Discovery is a solution for Spring Cloud. Discover is vulnerable to SpEL Injection in discovery-commons. DiscoveryExpressionResolver’s eval method is evaluating expression with a StandardEvaluationContext, allowing the expression to reach and interact with Java classes such as...

Design/Logic Flaw

Nepxion Discovery is a solution for Spring Cloud. Discover is vulnerable to SpEL Injection in discovery-commons. DiscoveryExpressionResolver’s eval method is evaluating expression with a StandardEvaluationContext, allowing the expression to reach and interact with Java classes such as...

CVE-2022-23463 SpEL Injection in Nepxion Discovery

Nepxion Discovery is a solution for Spring Cloud. Discover is vulnerable to SpEL Injection in discovery-commons. DiscoveryExpressionResolver’s eval method is evaluating expression with a StandardEvaluationContext, allowing the expression to reach and interact with Java classes such as...