CVE-2023-20862

Published: 19/04/2023 Updated: 23/08/2023
CVSS v3 Base Score: 6.3 | Impact Score: 3.4 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

In Spring Security, versions 5.7.x before 5.7.8, versions 5.8.x before 5.8.3, and versions 6.0.x before 6.0.3, the logout support does not properly clean the security context if using serialized versions. Additionally, it is not possible to explicitly save an empty security context to the HttpSessionSecurityContextRepository. This vulnerability can keep users authenticated even after they performed logout.

Users of affected versions should apply the following mitigation:
5.7.x users should upgrade to 5.7.8.
5.8.x users should upgrade to 5.8.3.
6.0.x users should upgrade to 6.0.3.

Vulnerable Product

vmware spring security

netapp active iq unified manager -

Vendor Advisories

Synopsis: Important: Jenkins and Jenkins-2-plugins security update
Type/Severity: Security Advisory: Important
Topic: An update for Jenkins and Jenkins-2-plugins is now available for OpenShift Developer Tools and Services for ...

Github Repositories

Maven BOM project

Maven BOM project for snomed projects

Snomed master Parent BOM project, to centralise and control dependencies more conveniently. For OWASP suppressions see the snomed-parent-owasp project. Remember to update the version in the pom.xml with each release.

Instructions: When a project fails to build due to a CVE there are at least 3 options: An updated version of the library is