CVSS: 10.0EPSS: 30%CPEs: 5EXPL: 1CVE-2023-34034 – spring-security-webflux: path wildcard leads to security bypass
https://notcve.org/view.php?id=CVE-2023-34034
19 Jul 2023 — Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass. A flaw was found in Spring Security's WebFlux framework pattern matching, where it does not properly evaluate certain patterns. A server using path-based pattern matching in WebFlux could allow an attacker to bypass security settings for some request paths, potentially leading to information disclosure, access of func... • https://github.com/hotblac/cve-2023-34034 • CWE-145: Improper Neutralization of Section Delimiters CWE-281: Improper Preservation of Permissions •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-20862 – spring-security: Empty SecurityContext Is Not Properly Saved Upon Logout
https://notcve.org/view.php?id=CVE-2023-20862
19 Apr 2023 — In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3, the logout support does not properly clean the security context if using serialized versions. Additionally, it is not possible to explicitly save an empty security context to the HttpSessionSecurityContextRepository. This vulnerability can keep users authenticated even after they performed logout. Users of affected versions should apply the following mitigation. 5.7.x users should upgrade to ... • https://security.netapp.com/advisory/ntap-20230526-0002 • CWE-459: Incomplete Cleanup •
CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-31690 – spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client
https://notcve.org/view.php?id=CVE-2022-31690
31 Oct 2022 — Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client (via the browser) to the Authorization Server which can lead to a privilege escalation on the subsequent approval. This scenario can happen if the Authorization Server responds with an OAuth2 Access Token Response containing an empty scope list (per RFC 6749, Sect... • https://security.netapp.com/advisory/ntap-20221215-0010 • CWE-269: Improper Privilege Management •
CVSS: 10.0EPSS: 8%CPEs: 4EXPL: 3CVE-2022-31692 – spring-security: Authorization rules can be bypassed via forward or include dispatcher types in Spring Security
https://notcve.org/view.php?id=CVE-2022-31692
31 Oct 2022 — Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: The application expects that Spring Security applies security to forward and include dispatcher types. The application uses the AuthorizationFilter either manually or via the authorizeHttpRequests() method. The application configures the FilterChainProxy to apply to forwar... • https://github.com/SpindleSec/cve-2022-31692 • CWE-863: Incorrect Authorization •