CVSS: 7.4 | EPSS: 0% | CPEs: 1 | EXPL: 1

20 Feb 2024 — In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticated(Authentication) method. Specifically, an application is vulnerable if: * The application uses AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly and a null authentication parameter is passed to it resulting in an erroneous true return value. An application is not vulnerable ... • https://github.com/shellfeel/CVE-2024-22243-CVE-2024-22234 • CWE-284: Improper Access Control •

CVSS: 5.5 | EPSS: 0% | CPEs: 5 | EXPL: 0

05 Feb 2024 — The spring-security.xsd file inside the spring-security-config jar is world writable which means that if it were extracted it could be written by anyone with access to the file system. While there are no known exploits, this is an example of “CWE-732: Incorrect Permission Assignment for Critical Resource” and could result in an exploit. Users should update to the latest version of Spring Security to mitigate any future exploits found around this issue. • https://spring.io/security/cve-2023-34042 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 5.5 | EPSS: 0% | CPEs: 3 | EXPL: 0

31 Jan 2024 — In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in the org.springframework.cloud:spring-cloud-contract-shade dependency. • https://spring.io/security/cve-2024-22236 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 7.8 | EPSS: 1% | CPEs: 2 | EXPL: 0

22 Jan 2024 — In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC * Spring Security 6.1.6+ or 6.2.1+ is on the classpath Typically, Spring Boot applications need the org.springframework.boot:spring-boot-starter-web and org.springframework.boot:spring-boot-starter-security dependencies to meet all... • https://security.netapp.com/advisory/ntap-20240614-0005 •

CVSS: 6.8 | EPSS: 2% | CPEs: 3 | EXPL: 0

28 Nov 2023 — In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC or Spring WebFlux * org.springframework.boot:spring-boot-actuator is on the classpath • https://security.netapp.com/advisory/ntap-20231221-0010 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.8 | EPSS: 1% | CPEs: 1 | EXPL: 0

28 Nov 2023 — In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC or Spring WebFlux * io.micrometer:micrometer-core is on the classpath * an ObservationRegistry is configured in the application to record observations Typically, Spring Boot applications need the org.springframework.boot:spring-boot-... • https://security.netapp.com/advisory/ntap-20231214-0007 •

CVSS: 10.0 | EPSS: 0% | CPEs: 3 | EXPL: 1

25 Oct 2023 — An issue in Dromara SaToken version 1.36.0 and before allows a remote attacker to escalate privileges via a crafted payload to the URL. • https://github.com/dromara/Sa-Token/issues/515 • CWE-284: Improper Access Control •

CVSS: 5.0 | EPSS: 40% | CPEs: 2 | EXPL: 1

19 Oct 2023 — In Spring AMQP versions 1.0.0 to 2.4.16 and 3.0.0 to 3.0.9, allowed list patterns for deserializable class names were added to Spring AMQP, allowing users to lock down deserialization of data in messages from untrusted sources; however, by default, when no allowed list was provided, all classes could be deserialized. Specifically, an application is vulnerable if * the SimpleMessageConverter or SerializerMessageConverter is used * the user does not configure allowed list patterns * untrusted message originat... • https://github.com/X1r0z/spring-amqp-deserialization • CWE-502: Deserialization of Untrusted Data •

CVSS: 5.0 | EPSS: 0% | CPEs: 2 | EXPL: 0

20 Sep 2023 — A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An application is vulnerable if it provides a DataLoaderOptions instance when registering batch loader functions through DefaultBatchLoaderRegistry. • https://spring.io/security/cve-2023-34047 •

CVSS: 7.8 | EPSS: 10% | CPEs: 2 | EXPL: 4

24 Aug 2023 — In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserialization attack vector existed, but only if unusual configuration was applied. An attacker would have to construct a malicious serialized object in one of the deserialization exception record headers. Specifically, an application is vulnerable when all of the following are true: * The user does not configure an ErrorHandlingDeserializer for the key and/or value of the record * The user explicitly sets container p... • https://github.com/Contrast-Security-OSS/Spring-Kafka-POC-CVE-2023-34040 • CWE-502: Deserialization of Untrusted Data •