CVE-2024-22257

In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, 6.0.x prior to 6.0.9, 6.1.x prior to 6.1.8, and 6.2.x prior to 6.2.3, an application is possibly vulnerable to broken access control when it directly uses AuthenticatedVoter#vote, passing a null Authentication parameter.

Configurations

No configuration.

History

21 Nov 2024, 08:55

Type Values Removed Values Added
References () https://security.netapp.com/advisory/ntap-20240419-0005/ - () https://security.netapp.com/advisory/ntap-20240419-0005/ -
References () https://spring.io/security/cve-2024-22257 - () https://spring.io/security/cve-2024-22257 -

12 Nov 2024, 16:35

Type Values Removed Values Added
CWE CWE-862

19 Apr 2024, 07:15

Type Values Removed Values Added
References
  • () https://security.netapp.com/advisory/ntap-20240419-0005/ -
Summary
  • (es) In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8, versions 6.2.x prior to 6.2.3, an application is possibly vulnerable to broken access control when it directly uses AuthenticatedVoter#vote passing a null Authentication parameter.

18 Mar 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-03-18 15:15

Updated : 2024-11-21 08:55


NVD link : CVE-2024-22257

Mitre link : CVE-2024-22257

CVE.ORG link : CVE-2024-22257


Products Affected

No product.

CWE
CWE-862

Missing Authorization