CVE-2022-46166

Spring boot admins is an open source administrative user interface for management of spring boot applications. All users who run Spring Boot Admin Server, having enabled Notifiers (e.g. Teams-Notifier) and write access to environment variables via UI are affected. Users are advised to upgrade to the most recent releases of Spring Boot Admin 2.6.10 and 2.7.8 to resolve this issue. Users unable to upgrade may disable any notifier or disable write access (POST request) on `/env` actuator endpoint.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:codecentric:spring_boot_admin:*:*:*:*:*:*:*:*
cpe:2.3:a:codecentric:spring_boot_admin:*:*:*:*:*:*:*:*
cpe:2.3:a:codecentric:spring_boot_admin:3.0.0:m1:*:*:*:*:*:*
cpe:2.3:a:codecentric:spring_boot_admin:3.0.0:m2:*:*:*:*:*:*
cpe:2.3:a:codecentric:spring_boot_admin:3.0.0:m3:*:*:*:*:*:*
cpe:2.3:a:codecentric:spring_boot_admin:3.0.0:m4:*:*:*:*:*:*
cpe:2.3:a:codecentric:spring_boot_admin:3.0.0:m5:*:*:*:*:*:*

History

21 Nov 2024, 07:30

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 9.8
v2 : unknown
v3 : 8.0
References () https://github.com/codecentric/spring-boot-admin/commit/c14c3ec12533f71f84de9ce3ce5ceb7991975f75 - Patch, Third Party Advisory () https://github.com/codecentric/spring-boot-admin/commit/c14c3ec12533f71f84de9ce3ce5ceb7991975f75 - Patch, Third Party Advisory
References () https://github.com/codecentric/spring-boot-admin/security/advisories/GHSA-w3x5-427h-wfq6 - Mitigation, Third Party Advisory () https://github.com/codecentric/spring-boot-admin/security/advisories/GHSA-w3x5-427h-wfq6 - Mitigation, Third Party Advisory

07 Nov 2023, 03:55

Type Values Removed Values Added
Summary Spring boot admins is an open source administrative user interface for management of spring boot applications. All users who run Spring Boot Admin Server, having enabled Notifiers (e.g. Teams-Notifier) and write access to environment variables via UI are affected. Users are advised to upgrade to the most recent releases of Spring Boot Admin 2.6.10 and 2.7.8 to resolve this issue. Users unable to upgrade may disable any notifier or disable write access (POST request) on `/env` actuator endpoint. Spring boot admins is an open source administrative user interface for management of spring boot applications. All users who run Spring Boot Admin Server, having enabled Notifiers (e.g. Teams-Notifier) and write access to environment variables via UI are affected. Users are advised to upgrade to the most recent releases of Spring Boot Admin 2.6.10 and 2.7.8 to resolve this issue. Users unable to upgrade may disable any notifier or disable write access (POST request) on `/env` actuator endpoint.

Information

Published : 2022-12-09 21:15

Updated : 2024-11-21 07:30


NVD link : CVE-2022-46166

Mitre link : CVE-2022-46166

CVE.ORG link : CVE-2022-46166


JSON object : View

Products Affected

codecentric

  • spring_boot_admin
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')