CVE-2023-20873

spring-boot: Security Bypass With Wildcard Pattern Matching on Cloud Foundry

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

NVD
RedHat

In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users should upgrade to 2.7.11+. Users of older, unsupported versions should upgrade to 3.0.6+ or 2.7.11+.

A flaw was found in Spring Boot. This targets specifically 'spring-boot-actuator-autoconfigure' package. This issue occurs when an application is deployed to Cloud Foundry, which could be susceptible to a security bypass.

Specifically, an application is vulnerable when all of the following are true:

* You have code that can handle requests that match /cloudfoundryapplication/**. Typically, this will be if there is a catch-all request mapping which matches /**.
* The application is deployed to Cloud Foundry.

An application is not vulnerable if any of the following is true:

* The application is not deployed to Cloud Foundry
* You have disabled Cloud Foundry actuator endpoints with management.cloudfoundry.enabled set to false.
* Your application does not have handler mappings that can handle requests to /cloudfoundryapplication/**.

*Credits: N/A

CVSS Scores

NISTv3.1 9.8

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-11-01 CVE Reserved
2023-04-20 CVE Published
2024-08-02 CVE Updated
2024-11-10 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-284: Improper Access Control

CAPEC

References (5)

URL	Tag	Source
https://security.netapp.com/advisory/ntap-20230601-0009	Third Party Advisory
https://spring.io/blog/2023/05/18/spring-boot-2-5-15-and-2-6-15-available-now

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://spring.io/security/cve-2023-20873	2023-08-28
https://access.redhat.com/security/cve/CVE-2023-20873	2023-12-06
https://bugzilla.redhat.com/show_bug.cgi?id=2231491	2023-12-06

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Vmware Search vendor "Vmware"		Spring Boot Search vendor "Vmware" for product "Spring Boot"				< 2.5.15 Search vendor "Vmware" for product "Spring Boot" and version " < 2.5.15"		-		Affected
Vmware Search vendor "Vmware"		Spring Boot Search vendor "Vmware" for product "Spring Boot"				>= 2.6.0 < 2.6.14 Search vendor "Vmware" for product "Spring Boot" and version " >= 2.6.0 < 2.6.14"		-		Affected
Vmware Search vendor "Vmware"		Spring Boot Search vendor "Vmware" for product "Spring Boot"				>= 2.7.0 < 2.7.11 Search vendor "Vmware" for product "Spring Boot" and version " >= 2.7.0 < 2.7.11"		-		Affected
Vmware Search vendor "Vmware"		Spring Boot Search vendor "Vmware" for product "Spring Boot"				>= 3.0.0 < 3.0.6 Search vendor "Vmware" for product "Spring Boot" and version " >= 3.0.0 < 3.0.6"		-		Affected