CVE-2022-31692

Spring Security Authentication Bypass Vulnerability (CVE-2022-31692) Notice

November 4, 2022

Overview: Recently, NSFOCUS CERT found that a PoC for the Spring Security authentication bypass vulnerability (CVE-2022-31692) had been publicly disclosed online. Because of an improper authorization flaw, under certain conditions an unauthenticated remote attacker can forward requests using FORWARD or INCLUDE, thereby bypassing the authorization rules and ultimately achieving authentication bypass. At present, […]
