CVE-2024-38821 - CERT CVE
ID CVE-2024-38821
Sažetak Spring WebFlux applications that have Spring Security authorization rules on static resources can be bypassed under certain circumstances. For this to impact an application, all of the following must be true: * It must be a WebFlux application * It must be using Spring's static resources support * It must have a non-permitAll authorization rule applied to the static resources support
Reference
CVSS
Base: 9.1
Impact: 5.2
Exploitability:3.9
Pristup
VektorSloženostAutentikacija
NETWORK LOW NONE
Impact
PovjerljivostCjelovitostDostupnost
HIGH HIGH NONE
CVSS vektor CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Zadnje važnije ažuriranje 28-10-2024 - 13:58
Objavljeno 28-10-2024 - 07:15