6525 matches found

Github Security Blog
added 2021/05/10 3:19 p.m. · 44 views

Broken Authentication in Atlassian Connect Spring Boot

Broken Authentication in Atlassian Connect Spring Boot ACSB from version 1.1.0 before version 2.1.3. Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Spring Boot app occurs with a...

6.5 CVSS · 4.6 AI score · 0.00258 EPSS
Exploits 0 · References 4 · Affected Software 1

Github Security Blog
added 2021/05/10 3:18 p.m. · 61 views

Incorrect Authorization in Spring Cloud Netflix Zuul

Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing requests with specially constructed URLs. Applications that use Spring Security's StrictHttpFirewall...

5.3 CVSS · 2.4 AI score · 0.00219 EPSS
Exploits 0 · References 4 · Affected Software 1

vulnersOsv
added 2021/05/10 3:18 p.m. · 3 views

cloud.altemista.fwk.framework:cloud-altemistafwk-documentation (=3.1.0.RELEASE), cloud.altemista.fwk.microservices:cloud-altemistafwk-core-microservices-gateway-conf (=3.1.0.RELEASE) +78 more potentially affected by CVE-2021-22113 via org.springframework.cloud:spring-cloud-netflix-zuul (>=2.0.0.RELEASE <=2.2.6.RELEASE)

org.springframework.cloud:spring-cloud-netflix-zuul MAVEN version =2.0.0.RELEASE, =B.0.0.1, =B.0.0.1, =B.0.0.1, =B.0.0.1, =B.0.0.1, =B.0.0.1, =B.0.0.1, =D.0.1.0-Beta-3 and more Source cves: CVE-2021-22113 Source advisory: OSV:GHSA-VWPG-F6GW-RJVF https://vulners.com/osv/OSV:GHSA-VWPG-F6GW-RJVF...

5.3 CVSS · 6.4 AI score · 0.00219 EPSS
Exploits 0

OSV
added 2021/05/10 3:18 p.m. · 17 views

GHSA-VWPG-F6GW-RJVF Incorrect Authorization in Spring Cloud Netflix Zuul

Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing requests with specially constructed URLs. Applications that use Spring Security's StrictHttpFirewall...

5.3 CVSS · 5.2 AI score · 0.00219 EPSS
Exploits 0 · References 3

NVD
added 2021/05/10 12:15 a.m. · 9 views

CVE-2021-26077

Broken Authentication in Atlassian Connect Spring Boot ACSB in version 1.1.0 before 2.1.3 and from version 2.1.4 before 2.1.5: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Sprin...

9.1 CVSS · 0.00388 EPSS
Exploits 1 · References 2

OSV
added 2021/05/10 12:15 a.m. · 2 views

CVE-2021-26077

Broken Authentication in Atlassian Connect Spring Boot ACSB in version 1.1.0 before 2.1.3 and from version 2.1.4 before 2.1.5: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Sprin...

8.8 CVSS · 7.3 AI score
Exploits 0 · References 2

Prion
added 2021/05/10 12:15 a.m. · 13 views

Authentication flaw

Broken Authentication in Atlassian Connect Spring Boot ACSB in version 1.1.0 before 2.1.3 and from version 2.1.4 before 2.1.5: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Sprin...

6.5 CVSS · 8.6 AI score · 0.00388 EPSS
Exploits 1 · References 2 · Affected Software 1

Vulnrichment
added 2021/05/09 11:55 p.m. · 4 views

CVE-2021-26077

Broken Authentication in Atlassian Connect Spring Boot ACSB in version 1.1.0 before 2.1.3 and from version 2.1.4 before 2.1.5: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Sprin...

8.7 AI score · 0.00388 EPSS
Exploits 1 · References 2

Cvelist
added 2021/05/09 11:55 p.m. · 11 views

CVE-2021-26077

Broken Authentication in Atlassian Connect Spring Boot ACSB in version 1.1.0 before 2.1.3 and from version 2.1.4 before 2.1.5: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Sprin...

8.9 AI score · 0.00388 EPSS
Exploits 1 · References 2

CVE
added 2021/05/09 11:55 p.m. · 86 views

CVE-2021-26077

Atlassian Connect Spring Boot (ACSB) has a Broken Authentication issue in affected versions: 1.1.0 to 2.1.3 and 2.1.4 to 2.1.5. The root cause is acceptance of context JWTs in lifecycle endpoints (e.g., installation) where server-to-server JWTs are required, enabling authenticated re-installation...

9.1 CVSS · 8.6 AI score · 0.00388 EPSS
Exploits 1 · References 2 · Affected Software 1

Positive Technologies
added 2021/05/09 12:0 a.m. · 2 views

PT-2021-16944 · Atlassian · Connect Spring Boot

Name of the Vulnerable Software and Affected Versions: Atlassian Connect Spring Boot versions 1.1.0 through 2.1.3 Atlassian Connect Spring Boot versions 2.1.4 through 2.1.5 Description: The issue concerns Atlassian Connect Spring Boot, a Java Spring Boot package for building Atlassian Connect app...

9.1 CVSS · 7.1 AI score · 0.00388 EPSS
Exploits 1 · References 5

CNNVD
added 2021/05/09 12:0 a.m. · 1 views

Atlassian Connect Spring Boot Authorization Issue Vulnerability

Atlassian Connect Spring Boot is an application component from Atlassian Australia. A Spring Boot starter program is provided for building Atlassian Connect add-ons for JIRA Software, Service Desk and Core and Confluence. An authorization issue vulnerability exists in Atlassian Connect Spring Boo...

9.1 CVSS · 5.6 AI score · 0.00388 EPSS
Exploits 1 · References 3

Github Security Blog
added 2021/05/07 3:53 p.m. · 43 views

Improper Authentication in Apache Shiro

Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass...

9.8 CVSS · 9 AI score · 0.88599 EPSS
Exploits 1 · References 9 · Affected Software 1

OSV
added 2021/05/07 3:53 p.m. · 0 views

GHSA-26GR-CVQ3-QXGF Improper Authentication in Apache Shiro

Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass...

9.8 CVSS · 5.8 AI score · 0.88599 EPSS
Exploits 1 · References 9

Github Security Blog
added 2021/05/07 3:53 p.m. · 45 views

Improper Authentication in Apache Shiro

Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass...

9.8 CVSS · 5.3 AI score · 0.84744 EPSS
Exploits 1 · References 10 · Affected Software 1

OSV
added 2021/05/07 3:53 p.m. · 0 views

GHSA-72W9-FCJ5-3FCG Improper Authentication in Apache Shiro

Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass...

9.8 CVSS · 7.2 AI score · 0.84744 EPSS
Exploits 1 · References 10

vulnersOsv
added 2021/04/30 5:29 p.m. · 1 views

com.github.mswolfe:spring-query-filter (>=4.2.0 <=4.3.2), io.github.cyjishuang:swagger-mode (=1.0) potentially affected by CVE-2020-5421 via org.springframework:spring-framework-bom (>=4.2.3.RELEASE <=4.3.14.RELEASE)

org.springframework:spring-framework-bom MAVEN version =4.2.3.RELEASE, =4.2.0, =4.3.2 - io.github.cyjishuang:swagger-mode =1.0 Source cves: CVE-2020-5421 Source advisory: OSV:GHSA-RV39-3QH7-9V7W...

8.7 CVSS · 6.9 AI score · 0.63828 EPSS
Exploits 1

OSV
added 2021/04/30 5:29 p.m. · 94 views

GHSA-RV39-3QH7-9V7W Improper Input Validation in Spring Framework

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter...

6.5 CVSS · 7.6 AI score · 0.63828 EPSS
Exploits 1 · References 25

Github Security Blog
added 2021/04/30 5:29 p.m. · 57 views

Improper Input Validation in Spring Framework

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter...

8.7 CVSS · 7.7 AI score · 0.63828 EPSS
Exploits 1 · References 26 · Affected Software 1

vulnersOsv
added 2021/04/30 4:14 p.m. · 3 views

cn.felord:payment-spring-boot-starter (>=1.0.0.RELEASE <=1.0.10.RELEASE), cn.hermesdi:api-crypto-spring-boot-starter (>=1.0.0 <=1.0.0.RELEASE) +150 more potentially affected by CVE-2020-28052 via org.bouncycastle:bcprov-jdk15to18 (>=1.65 <=1.66)

org.bouncycastle:bcprov-jdk15to18 MAVEN version =1.65, =1.0.0.RELEASE, =1.0.0, =1.5.1, =2.0.0, =0.7.7, =0.7.7, =0.7.7, =0.7.7, =0.0.1, =0.0.1, =1.0.0, =5.23.1, =5.24.6 and more Source cves: CVE-2020-28052 Source advisory: OSV:GHSA-73XV-W5GP-FRXH...

8.1 CVSS · 6.8 AI score · 0.04099 EPSS
Exploits 1