CVE-2024-22257

HIGH(8.2)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Risk Signal Score21/100 — NIEDRIG

CVSS 8.2 — Hoch

EPSS-Score

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

8.2

Technische Schwere

Beschreibung

In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8, versions 6.2.x prior to 6.2.3, an application is possible vulnerable to broken access control when it directly uses the AuthenticatedVoter#vote passing a null Authentication parameter.

Referenzen

https://security.netapp.com/advisory/ntap-20240419-0005/
https://spring.io/security/cve-2024-22257
https://github.com/dependency-check/DependencyCheck/issues/8642
https://security.netapp.com/advisory/ntap-20240419-0005/
https://spring.io/security/cve-2024-22257