1. CVE-Search
  2. CVE-2023-34034
ID CVE-2023-34034
Summary Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass.
References
Vulnerable Configurations
  • cpe:2.3:a:vmware:spring_security:6.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:spring_security:6.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:spring_security:6.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:spring_security:6.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:spring_security:6.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:spring_security:6.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:spring_security:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:spring_security:6.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:spring_security:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:spring_security:6.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:spring_security:5.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:spring_security:5.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:spring_security:5.8.2:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:spring_security:5.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:spring_security:5.8.3:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:spring_security:5.8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:spring_security:5.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:spring_security:5.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:spring_security:5.6.11:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:spring_security:5.6.11:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:spring_security:5.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:spring_security:5.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:spring_security:5.7.7:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:spring_security:5.7.7:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:spring_security:5.7.8:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:spring_security:5.7.8:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:spring_security:5.7.9:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:spring_security:5.7.9:*:*:*:*:*:*:*
CVSS
Base: None
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
Impact
ConfidentialityIntegrityAvailability
Last major update 14-08-2023 - 19:15
Published 19-07-2023 - 15:15
Last modified 14-08-2023 - 19:15
Back to Top