Lucene search
K

5 matches found

RedHat Linux
RedHat Linux
added 2024/07/25 7:26 p.m.5 views

spring-security: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated

A vulnerability was found in Spring Security. This issue may lead to Broken Access Control, allowing a malicious user to impact the Confidentiality and Integrity of an application or server. This requires the application to use AuthenticationTrustResolver.isFullyAuthenticatedAuthentication direct...

7.4CVSS5.7AI score0.00682EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/06/03 11:52 a.m.3 views

spring-security: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated

A vulnerability was found in Spring Security. This issue may lead to Broken Access Control, allowing a malicious user to impact the Confidentiality and Integrity of an application or server. This requires the application to use AuthenticationTrustResolver.isFullyAuthenticatedAuthentication direct...

7.4CVSS5.7AI score0.00682EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2024/02/27 12:0 a.m.7 views

The vulnerability of the AuthenticationTrustResolver.isFullyAuthenticated(Authentication) method in the Java framework for securing industrial applications by Spring Security allows attackers to influence the integrity and confidentiality of protected information.

The vulnerability of the AuthenticationTrustResolver.isFullyAuthenticatedAuthentication method in the Java framework for securing industrial applications by Spring Security is related to deficiencies in access control when processing the null parameter. Exploiting this vulnerability could allow a...

7.4CVSS7.2AI score0.00682EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2024/02/20 9:30 a.m.1 views

GHSA-W3W6-26F2-P474 Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated

In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticatedAuthentication method. Specifically, an application is vulnerable if: The applicatio...

7.4CVSS7.2AI score0.00682EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/02/19 12:0 a.m.5 views

PT-2024-1840

Name of the Vulnerable Software and Affected Versions Spring Security versions 6.1.x through 6.1.6 Spring Security versions 6.2.x through 6.2.1 Description The issue is related to broken access control in Spring Security when the AuthenticationTrustResolver.isFullyAuthenticatedAuthentication meth...

7.4CVSS7.2AI score0.00682EPSS
Exploits0References22
Rows per page
Query Builder