Spring Security Bypass Vulnerability 

Issue date: 14-08-2024
Affects versions: 15.7

Security Issue ID

SECURITY-486


Affected Product Version(s)

15.7.0 (and previous patch releases)


Severity 

Critical


Description

CVE-2023-34034

Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass. An authorization rule written with such a pattern may not cover the request that WebFlux actually routes, so an endpoint the rule was meant to protect can be reached without the required authorization.

CVSS v3 Base Score: 9.8

CWE-281: Improper Preservation of Permissions
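As an added illustration, not code from this advisory, the affected product, or the Spring Security project, the following WebFlux security configuration shows how to write authorization rules without any "**" pattern, so that the Spring Security matcher and the WebFlux router agree on which requests each rule covers, with a default rule that fails closed and a method-level check as defense in depth. The class names, paths and roles are assumptions made for the example. Upstream, Spring Security fixed CVE-2023-34034 in 5.6.12, 5.7.10, 5.8.5, 6.0.5 and 6.1.2, and the example assumes one of those releases or later.

```java
// Added example (not from the advisory or the product it covers).
// Assumed names: WebFluxSecurityConfig, AdminController, the paths and the ADMIN role.
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
import reactor.core.publisher.Mono;

@Configuration
@EnableWebFluxSecurity
@EnableReactiveMethodSecurity
public class WebFluxSecurityConfig {

    @Bean
    public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
        return http
            .authorizeExchange(exchanges -> exchanges
                // Allow rules are exact and scoped to an HTTP method. No "**"
                // wildcard appears anywhere, so there is nothing for the Spring
                // Security matcher and the WebFlux router to disagree about.
                .pathMatchers(HttpMethod.GET, "/actuator/health").permitAll()
                .pathMatchers(HttpMethod.POST, "/login").permitAll()
                // Protected resources are named explicitly rather than by prefix.
                .pathMatchers(HttpMethod.GET, "/admin/users").hasRole("ADMIN")
                // Last rule, most restrictive: any request the rules above did not
                // match still needs an authenticated principal, so an unmatched
                // path fails closed instead of open.
                .anyExchange().authenticated())
            .httpBasic(Customizer.withDefaults())
            .build();
    }
}

@RestController
class AdminController {

    // Defense in depth: the handler enforces the role itself. Even if a URL
    // matcher and the router were to disagree about this path, the method
    // security check still rejects a caller without ROLE_ADMIN.
    @PreAuthorize("hasRole('ADMIN')")
    @GetMapping("/admin/users")
    public Mono<String> users() {
        return Mono.just("[]");
    }
}
```

The order of the rules matters: Spring Security evaluates `authorizeExchange` matchers top to bottom and stops at the first match, so the `anyExchange()` rule is deliberately last. The `@PreAuthorize` annotation duplicates the path rule on purpose; the point is that authorization does not depend on a single URL pattern being interpreted the same way by two components.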

Instructions

Customers are advised to upgrade to the latest version, which at the time of writing is 16.0.0.