Overview
- Description
- Spring WebFlux applications that have Spring Security authorization rules on static resources can be bypassed under certain circumstances. For this to impact an application, all of the following must be true:
  * It must be a WebFlux application
  * It must be using Spring's static resources support
  * It must have a non-permitAll authorization rule applied to the static resources support
- Source
- security@vmware.com
- NVD status
- Awaiting Analysis
Risk scores
CVSS 3.1
- Type
- Secondary
- Base score
- 9.1
- Impact score
- 5.2
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
- Severity
- CRITICAL
Weaknesses
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-770
Social media
- Hype score
- Not currently trending
Spring WebFlux authentication bypass vulnerability CVE-2024-38821: PoC exploit released https://t.co/W4IR4NenoH #Exploit #PoCExploit #Spring #Vulnerability #WebFlux
@iototsecnews
11 Nov 2024
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Spring WebFlux authentication bypass vulnerability CVE-2024-38821 fixed: update immediately! https://t.co/Aum3gknQVH #Framework #OpenSource #Spring #Vulnerability #WebFlux
@iototsecnews
6 Nov 2024
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
GitHub - mouadk/cve-2024-38821: cve-2024-38821 https://t.co/TnPSrcYIbI
@hdH4dg8
4 Nov 2024
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2024-35202 2 - CVE-2024-38821 3 - CVE-2024-51378 4 - CVE-2024-50550 5 - CVE-2024-9264 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
3 Nov 2024
125 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
PoC Exploit Releases for Spring WebFlux Authorization Bypass – CVE-2024-38821 https://t.co/DiZykTtNJJ
@Dinosn
2 Nov 2024
1404 Impressions
2 Retweets
7 Likes
3 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2024-45216 2 - CVE-2024-38821 3 - CVE-2023-23397 4 - CVE-2024-51378 5 - CVE-2024-46538 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
2 Nov 2024
88 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
This is a well-written article about CVE-2024-38821 — a critical Spring authorization bypass vulnerability. The blog post provides a clear explanation of filters and handlers workflows. https://t.co/mdoMC2B5HG
@m1ke_n1
2 Nov 2024
6524 Impressions
32 Retweets
112 Likes
68 Bookmarks
0 Replies
1 Quote
PoC Exploit Releases for Spring WebFlux Authorization Bypass – CVE-2024-38821 - https://t.co/TBoGsxdq2s
@moton
2 Nov 2024
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
PoC Exploit Releases for Spring WebFlux Authorization Bypass - CVE-2024-38821 Discover the technical details of CVE-2024-38821 exploit in Spring WebFlux and understand the potential risks it poses to your application's security. https://t.co/NAQoqUn98b
@the_yellow_fall
2 Nov 2024
178 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
GitHub - mouadk/cve-2024-38821: cve-2024-38821 - https://t.co/NXiwK2nnKE
@piedpiper1616
31 Oct 2024
587 Impressions
0 Retweets
4 Likes
2 Bookmarks
0 Replies
0 Quotes
Threat Alert: CVE-2024-38821 (CVSS 9.1) Allows Authorization Bypass in Spring WebFlux Applicat CVE-2024-38821 Severity: ⚠️ Critical Maturity: 💢 Emerging Learn more: https://t.co/8vKsUTGDxP #CyberSecurity #ThreatIntel #InfoSec
@fletch_ai
30 Oct 2024
54 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical CVE-2024-38821 in Spring WebFlux: Allows authorization bypass for static resources! Affects Spring Security 5.7-6.3+. For EOL versions, HeroDevs’ Spring NES offers ongoing patches to keep legacy apps secure. #AppSec #Cybersecurity https://t.co/FrE30Bp0Ny
@herodevs
29 Oct 2024
285 Impressions
4 Retweets
6 Likes
0 Bookmarks
0 Replies
0 Quotes
Spring Security fixes Critical Vulnerability CVE-2024-38821 #SpringSecurity #CVE-2024-38821 https://t.co/Als6AhSwgG
@pravin_karthik
29 Oct 2024
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-38821: Authorization Bypass of Static Resources in WebFlux Applications #PatchNOW #Spring #Vulnerability #cybersecurity #ComputerSecurity #hacked #Cyberattack #infosec #informationsecurity #CyberSecurityAwareness #DataBreach https://t.co/rhZoZRoz6H
@patchnow24x7
29 Oct 2024
27 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
CVE-2024-38821: Authorization Bypass of Static Resources in WebFlux Applications #PatchNOW #Spring #Vulnerability #cybersecurity #ComputerSecurity #hacked #Cyberattack #infosec #informationsecurity #CyberSecurityAwareness #DataBreach https://t.co/0lWXCBPoMP
@patchnow24x7
29 Oct 2024
49 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
CVE-2024-38821: Authorization Bypass of Static Resources in WebFlux Applications #PatchNOW #Spring #Vulnerability #cybersecurity #ComputerSecurity #hacked #Cyberattack #infosec #informationsecurity #CyberSecurityAwareness #DataBreach https://t.co/6e8wFn0xd4
@patchnow24x7
29 Oct 2024
108 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
CVE-2024-38821: Authorization Bypass of Static Resources in WebFlux Applications #PatchNOW #Spring #Vulnerability #cybersecurity #ComputerSecurity #hacked #Cyberattack #infosec #informationsecurity #CyberSecurityAwareness #DataBreach https://t.co/h8pBEywCxR
@patchnow24x7
29 Oct 2024
694 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
CVE-2024-38821: Authorization Bypass of Static Resources in WebFlux Applications Technical Details and Analysis: https://t.co/TkL5vPNDQH #PatchNOW #Spring #Vulnerability #cybersecurity #hacked #Cyberattack #infosec #informationsecurity #CyberSecurityAwareness #DataBreach https:
@patchnow24x7
29 Oct 2024
124 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
2 Quotes
CVE-2024-38821 (CVSS 9.1) Allows Authorization Bypass in Spring WebFlux Applications https://t.co/qkzJQKM2JZ
@Dinosn
29 Oct 2024
1755 Impressions
3 Retweets
15 Likes
1 Bookmark
0 Replies
0 Quotes
🚨 13 new *Critical* CVEs reported in the last 24h! 🚨 CVE-2024-10440: SQL Injection in Sunnet eHDR CTMS (9.8) CVE-2024-38821: Spring WebFlux auth rules bypass (9.1) CVE-2024-50477: Stacks App auth bypass (9.8) CVE-2024-50478: Swoop 1-Click Login auth bypass (9.8)… https://t.co/
@Ransom_DB
29 Oct 2024
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 13 new Critical CVEs reported in the last 24h! 🚨 CVE-2024-10440: SQL Injection in Sunnet eHDR CTMS (9.8) CVE-2024-38821: Spring WebFlux auth rules bypass (9.1) CVE-2024-50477: Stacks App auth bypass (9.8) CVE-2024-50478: Swoop 1-Click Login auth bypass (9.8) CVE-2024-50479:…
@Ransom_DB
29 Oct 2024
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
There is a new vulnerability with elevated criticality in VMware Spring Security (CVE-2024-38821) https://t.co/2r3wMbodYK
@vuldb
28 Oct 2024
106 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-38821 Spring WebFlux applications that have Spring Security authorization rules on static resources can be bypassed under certain circumstances. For this to impact an appl… https://t.co/HQCHF79k1g
@CVEnew
28 Oct 2024
541 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2024-38821: CRITICAL] Important! Spring WebFlux apps with Spring Security can have authorization rules on static resources bypassed. Conditions apply: WebFlux app, Spring's static resources, non-permitAll rule.#cybersecurity,#vulnerability https://t.co/SmBX7ItlGW https://t.c
@CveFindCom
28 Oct 2024
56 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
1 Quote