CVS 2023-34034

Spring Security Identity Authentication Bypass Vulnerability (CVS 2023-34034)

julho 25, 2023

Overview Recently, NSFOCUS CERT monitored Spring’s official security announcement and disclosed an identity bypass vulnerability in Spring Security. Using ‘**’ as the pattern in the Spring Security configuration of WebFlux can cause a pattern mismatch between Spring Security and Spring WebFlux, and may result in identity authentication bypass. CVSS score is 9.1. Affected users should […]


Inscreva-se no Blog da NSFOCUS