CVE-2024-22257
Published Mar 18, 2024
Last updated 3 days ago
Overview
- Description
- In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8, versions 6.2.x prior to 6.2.3, an application is possible vulnerable to broken access control when it directly uses the AuthenticatedVoter#vote passing a null Authentication parameter.
- Source
- security@vmware.com
- NVD status
- Awaiting Analysis
Risk scores
CVSS 3.1
- Type
- Secondary
- Base score
- 8.2
- Impact score
- 4.2
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
- Severity
- HIGH
Weaknesses
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-862
Social media
- Hype score
- Not currently trending