Spring Security Security Vulnerabilities and Issues — Spring Security CVE List

Lucene search

VmwareSpring Security

3 matches found

CVE•added 2024/02/20 7:15 a.m.•107 views

CVE-2024-22234

In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticated(Authentication) method. Specifically, an application is vulnerable if: The applicatio...

7.4CVSS7.4AI score0.01635EPSS

CVE•added 2024/02/05 10:15 p.m.•63 views

CVE-2023-34042

The spring-security.xsd file inside thespring-security-config jar is world writable which means that if it wereextracted it could be written by anyone with access to the file system. While there are no known exploits, this is an example of “CWE-732:Incorrect Permission Assignment for Critical Resou...

5.5CVSS5.3AI score0.00043EPSS

CVE•added 2024/08/20 4:15 a.m.•54 views

CVE-2024-38810

Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows attacker to render security annotations inaffective.

7.5CVSS6.5AI score0.00286EPSS