CVSS: 10.0EPSS: 30%CPEs: 5EXPL: 1CVE-2023-34034 – spring-security-webflux: path wildcard leads to security bypass
https://notcve.org/view.php?id=CVE-2023-34034
19 Jul 2023 — Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass. A flaw was found in Spring Security's WebFlux framework pattern matching, where it does not properly evaluate certain patterns. A server using path-based pattern matching in WebFlux could allow an attacker to bypass security settings for some request paths, potentially leading to information disclosure, access of func... • https://github.com/hotblac/cve-2023-34034 • CWE-145: Improper Neutralization of Section Delimiters CWE-281: Improper Preservation of Permissions •
CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-31690 – spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client
https://notcve.org/view.php?id=CVE-2022-31690
31 Oct 2022 — Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client (via the browser) to the Authorization Server which can lead to a privilege escalation on the subsequent approval. This scenario can happen if the Authorization Server responds with an OAuth2 Access Token Response containing an empty scope list (per RFC 6749, Sect... • https://security.netapp.com/advisory/ntap-20221215-0010 • CWE-269: Improper Privilege Management •
CVSS: 10.0EPSS: 7%CPEs: 4EXPL: 3CVE-2022-31692 – spring-security: Authorization rules can be bypassed via forward or include dispatcher types in Spring Security
https://notcve.org/view.php?id=CVE-2022-31692
31 Oct 2022 — Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: The application expects that Spring Security applies security to forward and include dispatcher types. The application uses the AuthorizationFilter either manually or via the authorizeHttpRequests() method. The application configures the FilterChainProxy to apply to forwar... • https://github.com/SpindleSec/cve-2022-31692 • CWE-863: Incorrect Authorization •
CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 1CVE-2022-22976 – springframework: BCrypt skips salt rounds for work factor of 31
https://notcve.org/view.php?id=CVE-2022-22976
19 May 2022 — Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE. Spring Security versiones 5.5.x anteriores a 5.5.7, 5.6.x anteriores a 5.6.4 y versiones anteriores no soportadas, contienen una vulnerabilidad de desbordamiento de enteros.... • https://github.com/spring-io/cve-2022-22976-bcrypt-skips-salt • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 90%CPEs: 7EXPL: 6CVE-2022-22978 – springframework: Authorization Bypass in RegexRequestMatcher
https://notcve.org/view.php?id=CVE-2022-22978
19 May 2022 — In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass. En las versiones 5.5.6 y 5.6.3 de Spring Security y en versiones anteriores no soportadas, RegexRequestMatcher puede ser fácilmente configurado de forma incorrecta para ser evitado en algunos contenedo... • https://github.com/DeEpinGh0st/CVE-2022-22978 • CWE-863: Incorrect Authorization CWE-1220: Insufficient Granularity of Access Control •