.avif)
View all vulnerabilities
CVE-2023-34034
Access Control Bypass in Spring Security
Description
Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass.
Patch Available
Fix available through Seal Security. No upgrade required, protect your application instantly.
Fix without upgradingVulnerability Details
Score
9.1
Score Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Versions
org.springframework.security:spring-security-config >= 5.6.0 < 5.6.12; org.springframework.security:spring-security-config >= 5.7.0 < 5.7.10; org.springframework.security:spring-security-config >= 5.8.0 < 5.8.5; org.springframework.security:spring-security-config >= 6.0.0 < 6.0.5; org.springframework.security:spring-security-config >= 6.1.0 < 6.1.2
Severity
Critical
Critical
Critical
Ecosystem
Java
Publish Date
July 19, 2023
Modified Date
October 28, 2024