CVE-2022-31692

Published: 31/10/2022 Updated: 08/08/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

Spring Security, versions 5.7 before 5.7.5 and 5.6 before 5.6.9, could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true:

- The application expects that Spring Security applies security to forward and include dispatcher types.
- The application uses the AuthorizationFilter either manually or via the authorizeHttpRequests() method.
- The application configures the FilterChainProxy to apply to forward and/or include requests (e.g. spring.security.filter.dispatcher-types = request, error, async, forward, include).
- The application may forward or include the request to a higher privilege-secured endpoint.
- The application configures Spring Security to apply to every dispatcher type via authorizeHttpRequests().shouldFilterAllDispatcherTypes(true).
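An added triage check, written for this page and not part of the advisory or of Spring Security itself, that flags the two conditions a defender can read straight from build and configuration files: a Spring Security version inside the affected ranges, and a spring.security.filter.dispatcher-types setting that opts the FilterChainProxy into forward or include dispatches. The properties snippets are constructed samples; the remaining conditions (AuthorizationFilter use, shouldFilterAllDispatcherTypes(true), forwards to higher-privilege endpoints) need code review and are only noted here.

```python
"""CVE-2022-31692 triage helper (added example; constructed inputs)."""
import re

# Affected ranges from the advisory: [first affected, first fixed)
AFFECTED_RANGES = (((5, 7, 0), (5, 7, 5)), ((5, 6, 0), (5, 6, 9)))
DISPATCHER_KEY = "spring.security.filter.dispatcher-types"


def parse_version(text):
    """Turn '5.7.4' or '5.7.4.RELEASE' into a comparable (major, minor, patch) tuple."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised Spring Security version: {text!r}")
    return tuple(int(p) for p in m.groups())


def version_affected(version):
    """True when the version is 5.7.x before 5.7.5 or 5.6.x before 5.6.9."""
    v = parse_version(version)
    return any(lo <= v < fixed for lo, fixed in AFFECTED_RANGES)


def configured_dispatcher_types(properties_text):
    """Dispatcher types the security filter is registered for, per application.properties.
    An absent key is reported as an empty set: forward/include were not opted into here."""
    for line in properties_text.splitlines():
        line = line.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        if key.strip() == DISPATCHER_KEY:
            return {t.strip().lower() for t in value.split(",") if t.strip()}
    return set()


def exposure(version, properties_text):
    """(affected version?, filter applied to forward/include?) for a quick verdict.
    Both must be True before the code-level conditions are worth reviewing."""
    types = configured_dispatcher_types(properties_text)
    return version_affected(version), bool(types & {"forward", "include"})


# Constructed sample inputs (not taken from the advisory).
VULNERABLE_PROPERTIES = (
    "spring.application.name=demo\n"
    "spring.security.filter.dispatcher-types = request, error, async, forward, include\n"
)
SAFE_PROPERTIES = "spring.security.filter.dispatcher-types=request,error,async\n"

if __name__ == "__main__":
    for ver, props in (("5.7.4", VULNERABLE_PROPERTIES), ("5.7.5", VULNERABLE_PROPERTIES)):
        print(ver, exposure(ver, props))
```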

Vulnerable Product Search on Vulmon

vmware spring security

netapp active iq unified manager

Vendor Advisories

Synopsis: Moderate: OpenShift Container Platform 4.10.56 security update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat OpenShift Container Platform release 4.10.56 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Pla ...
Synopsis: Critical: OpenShift Container Platform 4.10.56 security update. Type/Severity: Security Advisory: Critical. Topic: Red Hat OpenShift Container Platform release 4.10.56 is now available with updates to packages and ima ...
Synopsis: Critical: Red Hat Fuse 7.12 release and security update. Type/Severity: Security Advisory: Critical. Topic: A minor version update (from 7.11 to 7.12) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as h ...
Synopsis: Critical: Multicluster Engine for Kubernetes 2.2.4 security fixes and container updates. Type/Severity: Security Advisory: Critical. Topic: Multicluster Engine for Kubernetes 2.2.4 General Availability release images, which fix security issues and update container images. Red Hat Product Security has rated this update as having a security ...
Multiple vulnerabilities have been found in Hitachi Ops Center Common Services (CVE-2022-31690, CVE-2022-31692). Affected products and versions are listed below. Please upgrade your version to the appropriate version ...

Github Repositories

A project demonstrating an app that is vulnerable to Spring Security authorization bypass CVE-2022-31692

CVE-2022-31692 Demo. Overview: A simple Spring Boot application demonstrating configuration that is vulnerable to CVE-2022-31692. This vulnerability may attract attention due to its severity - it has a CVSS 3.x base score of 9.8, as it allows authentication bypass. The purpose of this project is to demonstrate the conditions described in the advisory, which lead to the vulnerabili ...

Architecture Weekly - links and resources to boost your knowledge and developer skills

Architecture Weekly. Hi! My name is Oskar Dudycz. I created this repository to share a weekly set of links that I found valuable and inspiring. I hope that you'll like it! 📧 www.architecture-weekly.com/ - Subscribe and get Architecture Weekly to your mailbox each Monday! Join the Paid Subscribers community to get access to exclusive webinars and a Discord channel.

Demonstration of CVE-2022-31692 authorization bypass in Spring Security

CVE-2022-31692: A demonstration of a Spring Security authorization bypass. See "CVE-2022-31692 Spring Security Authorization bypass" on Don't Panic!