CVE-2023-34034

CVSS v2.0

9.4

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:N

Name of the Vulnerable Software and Affected Versions Spring WebFlux versions (affected versions not specified)

Description Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass. The issue may allow a remote attacker to bypass existing security restrictions.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Authentication

Improper Preservation of Permissions

Improper Access Control

Improper Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287CWE-254CWE-281CWE-284CWE-285

Related Identifiers

BDU:2023-03799

BDU:2023-03800

CVE-2023-34034

GHSA-3H6F-G5F3-GC4W

Affected Products

Spring Webflux

CVE-2023-34034

Weakness Enumeration

Related Identifiers

Affected Products

References · 32