CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2022-31692

CVSS 9.8v3.1pub. 2022-10-31upd. 2025-05-06

Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: The application expects that Spring Security applies security to forward and include dispatcher types. The application uses the AuthorizationFilter either manually or via the authorizeHttpRequests() method. The application configures the FilterChainProxy to apply to forward and/or include requests (e.g. spring.security.filter.dispatcher-types = request, error, async, forward, include). The application may forward or include the request to a higher privilege-secured endpoint.The application configures Spring Security to apply to every dispatcher type via authorizeHttpRequests().shouldFilterAllDispatcherTypes(true)

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Netapp Active Iq Unified Manager

    APP
    Netapp
    wszystkie wersje
  • VMware Spring Security

    APP
    Vmware
    5.6.0 – 5.6.9 (bez)5.7.0 – 5.7.5 (bez)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2021-44228CRITICAL10.0⚠ KEVten sam produkt

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features u...

CVE-2026-22732CRITICAL9.1PL ✓ten sam produkt

VMware Spring Security — brak zapisu nagłówków HTTP odpowiedzi

CVE-2024-52533CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w GNOME GLib — błąd off-by-one w obsłudze SOCKS4

CVE-2024-47561CRITICAL9.2PL ✓ten sam produkt

Apache Avro Java SDK — RCE przez niebezpieczną deserializację schematu

CVE-2023-38545CRITICAL9.8ten sam produkt

This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass a...