30 results (0.003 seconds)

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0

The spring-security.xsd file inside the spring-security-config jar is world writable which means that if it were extracted it could be written by anyone with access to the file system. While there are no known exploits, this is an example of “CWE-732: Incorrect Permission Assignment for Critical Resource” and could result in an exploit. Users should update to the latest version of Spring Security to mitigate any future exploits found around this issue. El archivo spring-security.xsd dentro del jar spring-security-config se puede escribir en todo el mundo, lo que significa que si se extrajera, cualquier persona con acceso al sistema de archivos podría escribirlo. Si bien no se conocen exploits, este es un ejemplo de "CWE-732: Asignación de permisos incorrecta para recursos críticos" y podría resultar en un exploit. Los usuarios deben actualizar a la última versión de Spring Security para mitigar cualquier vulnerabilidad futura que se encuentre en torno a este problema. • https://spring.io/security/cve-2023-34042 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0

Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass. A flaw was found in Spring Security's WebFlux framework pattern matching, where it does not properly evaluate certain patterns. A server using path-based pattern matching in WebFlux could allow an attacker to bypass security settings for some request paths, potentially leading to information disclosure, access of functionality outside the user's permissions, or denial of service. • https://security.netapp.com/advisory/ntap-20230814-0008 https://spring.io/security/cve-2023-34034 https://access.redhat.com/security/cve/CVE-2023-34034 https://bugzilla.redhat.com/show_bug.cgi?id=2241271 • CWE-145: Improper Neutralization of Section Delimiters CWE-281: Improper Preservation of Permissions •

CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 2

Spring Security versions 5.8 prior to 5.8.5, 6.0 prior to 6.0.5, and 6.1 prior to 6.1.2 could be susceptible to authorization rule misconfiguration if the application uses requestMatchers(String) and multiple servlets, one of them being Spring MVC’s DispatcherServlet. (DispatcherServlet is a Spring MVC component that maps HTTP endpoints to methods on @Controller-annotated classes.) Specifically, an application is vulnerable when all of the following are true: * Spring MVC is on the classpath * Spring Security is securing more than one servlet in a single application (one of them being Spring MVC’s DispatcherServlet) * The application uses requestMatchers(String) to refer to endpoints that are not Spring MVC endpoints An application is not vulnerable if any of the following is true: * The application does not have Spring MVC on the classpath * The application secures no servlets other than Spring MVC’s DispatcherServlet * The application uses requestMatchers(String) only for Spring MVC endpoints • https://github.com/mouadk/CVE-2023-34035-Poc https://spring.io/security/cve-2023-34035 • CWE-863: Incorrect Authorization •

CVSS: 6.3EPSS: 0%CPEs: 6EXPL: 0

In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3, the logout support does not properly clean the security context if using serialized versions. Additionally, it is not possible to explicitly save an empty security context to the HttpSessionSecurityContextRepository. This vulnerability can keep users authenticated even after they performed logout. Users of affected versions should apply the following mitigation. 5.7.x users should upgrade to 5.7.8. 5.8.x users should upgrade to 5.8.3. 6.0.x users should upgrade to 6.0.3. A flaw was found in Spring Security. • https://security.netapp.com/advisory/ntap-20230526-0002 https://spring.io/security/cve-2023-20862 https://access.redhat.com/security/cve/CVE-2023-20862 https://bugzilla.redhat.com/show_bug.cgi?id=2227788 • CWE-459: Incomplete Cleanup •

CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0

Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client (via the browser) to the Authorization Server which can lead to a privilege escalation on the subsequent approval. This scenario can happen if the Authorization Server responds with an OAuth2 Access Token Response containing an empty scope list (per RFC 6749, Section 5.1) on the subsequent request to the token endpoint to obtain the access token. Spring Security, las versiones 5.7 anteriores a 5.7.5 y 5.6 anteriores a 5.6.9 y las versiones anteriores no compatibles podrían ser susceptibles a una escalada de privilegios bajo ciertas condiciones. Un usuario malicioso o un atacante puede modificar una solicitud iniciada por el Cliente (a través del navegador) al Servidor de Autorización, lo que puede provocar una escalada de privilegios en la aprobación posterior. • https://security.netapp.com/advisory/ntap-20221215-0010 https://tanzu.vmware.com/security/cve-2022-31690 https://access.redhat.com/security/cve/CVE-2022-31690 https://bugzilla.redhat.com/show_bug.cgi?id=2162200 • CWE-269: Improper Privilege Management •