When using the CAS Proxy ticket authentication from Spring Security 3.1 to 3.2.4 a malicious CAS Service could trick another CAS Service into authenticating a proxy ticket that was not associated. This is due to the fact that the proxy ticket authentication uses the information from the HttpServlet...
9.8CVSS
8.2AI Score
0.003EPSS
In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with . in the regular expression are possibly vulnerable to an authorizatio...
9.8CVSS
9.2AI Score
0.009EPSS
Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: The application expects that Spring Security applies securit...
9.8CVSS
9.2AI Score
0.001EPSS
Using "**" as a pattern in Spring Security configurationfor WebFlux creates a mismatch in pattern matching between SpringSecurity and Spring WebFlux, and the potential for a security bypass.
9.8CVSS
9.2AI Score
0.003EPSS