PT-2023-3578 · Spring · Spring Webflux

Ha1C9On

Publicado

2023-07-17

Atualizado

2024-10-28

CVE-2023-34034

CVSS v2.0

9.4

Crítica

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:N

Name of the Vulnerable Software and Affected Versions Spring WebFlux versions (affected versions not specified)

Description Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass. The issue may allow a remote attacker to bypass existing security restrictions.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Authentication

Improper Preservation of Permissions

Improper Access Control

Improper Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-287CWE-254CWE-281CWE-284CWE-285

Identificadores relacionados

BDU:2023-03799

BDU:2023-03800

CVE-2023-34034

GHSA-3H6F-G5F3-GC4W

Produtos afetados

Spring Webflux

PT-2023-3578 · Spring · Spring Webflux

CVE-2023-34034

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 32