5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
7 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
org.springframework.security: spring-security-config is vulnerable to Incorrect File Permissions. The vulnerability is due to insecure permissions assigned to the spring-security.xsd
file inside the spring-security-config jar which is world writable. An attacker with access to the filesystem can overwrite this file, resulting in exploitation.
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
7 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%