spring-security: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated

A vulnerability was found in Spring Security. This issue may lead to Broken Access Control, allowing a malicious user to impact the Confidentiality and Integrity of an application or server. This requires the application to use AuthenticationTrustResolver.isFullyAuthenticatedAuthentication direct...

spring-security: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated

A vulnerability was found in Spring Security. This issue may lead to Broken Access Control, allowing a malicious user to impact the Confidentiality and Integrity of an application or server. This requires the application to use AuthenticationTrustResolver.isFullyAuthenticatedAuthentication direct...

The vulnerability of the AuthenticationTrustResolver.isFullyAuthenticated(Authentication) method in the Java framework for securing industrial applications by Spring Security allows attackers to influence the integrity and confidentiality of protected information.

The vulnerability of the AuthenticationTrustResolver.isFullyAuthenticatedAuthentication method in the Java framework for securing industrial applications by Spring Security is related to deficiencies in access control when processing the null parameter. Exploiting this vulnerability could allow a...

GHSA-W3W6-26F2-P474 Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated

In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticatedAuthentication method. Specifically, an application is vulnerable if: The applicatio...