Spring Security Authentication Bypass Vulnerability (CVE-2022-31692) Notice

novembro 4, 2022

Overview Recently, NSFOCUS CERT found that the PoC of the Spring Security authentication bypass vulnerability (CVE-2022-31692) was publicly disclosed online. Due to improper authorization flaws, under certain conditions, an unauthenticated remote attacker can use FORWARD or INCLUDE for forwarding, thereby exploiting the vulnerability to bypass the authorization rules and ultimately achieve authentication bypass. At present, […]


Inscreva-se no Blog da NSFOCUS