CVE-2023-20873 - OpenCVE

In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users should upgrade to 2.7.11+. Users of older, unsupported versions should upgrade to 3.0.6+ or 2.7.11+.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Amq Streams Camel Spring Boot
Vmware	Spring Boot

Configuration 1 [-]

OR	cpe:2.3:a:vmware:spring_boot::::::::
	cpe:2.3:a:vmware:spring_boot::::::::
	cpe:2.3:a:vmware:spring_boot::::::::
	cpe:2.3:a:vmware:spring_boot::::::::

Package	CPE	Advisory	Released Date
Red Hat AMQ Streams 2.6.0
spring-boot	cpe:/a:redhat:amq_streams:2	RHSA-2023:7678	2023-12-06T00:00:00Z
RHINT Camel-Springboot 3.18.3.2
spring-boot	cpe:/a:redhat:camel_spring_boot:3.18	RHSA-2023:5147	2023-09-13T00:00:00Z
RHINT Camel-Springboot 3.20.2
spring-boot	cpe:/a:redhat:camel_spring_boot:3.20	RHSA-2023:5148	2023-09-13T00:00:00Z

References

Link	Providers
https://github.com/advisories/GHSA-g5h3-w546-pj7f
https://nvd.nist.gov/vuln/detail/CVE-2023-20873
https://security.netapp.com/advisory/ntap-20230601-0009/
https://spring.io/blog/2023/05/18/spring-boot-2-5-15-and-2-6-15-available-now
https://spring.io/security/cve-2023-20873
https://spring.io/security/cve-2023-20873/
https://www.cve.org/CVERecord?id=CVE-2023-20873

History

No history.

MITRE

Status: PUBLISHED

Assigner: vmware

Published: 2023-04-20T00:00:00

Updated: 2024-08-02T09:21:33.339Z

Reserved: 2022-11-01T00:00:00

Link: CVE-2023-20873

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-04-20T21:15:08.717

Modified: 2023-08-28T13:15:09.267

Link: CVE-2023-20873

Redhat

Severity : Important

Publid Date: 2023-05-18T00:00:00Z

Links: CVE-2023-20873 - Bugzilla

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:spring_boot:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A1932B4-20A2-4ADF-B631-8BF26E7FF0BC", "versionEndExcluding": "2.5.15", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:spring_boot:*:*:*:*:*:*:*:*", "matchCriteriaId": "45ABFC0F-28B7-436E-8868-28E64A4C3110", "versionEndExcluding": "2.6.14", "versionStartIncluding": "2.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:spring_boot:*:*:*:*:*:*:*:*", "matchCriteriaId": "E03EEFE1-487C-4924-AE1E-864067CD381F", "versionEndExcluding": "2.7.11", "versionStartIncluding": "2.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:spring_boot:*:*:*:*:*:*:*:*", "matchCriteriaId": "5383A7EE-8667-455F-9B4E-08200F831007", "versionEndExcluding": "3.0.6", "versionStartIncluding": "3.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users should upgrade to 2.7.11+. Users of older, unsupported versions should upgrade to 3.0.6+ or 2.7.11+."}], "id": "CVE-2023-20873", "lastModified": "2023-08-28T13:15:09.267", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-04-20T21:15:08.717", "references": [{"source": "security@vmware.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20230601-0009/"}, {"source": "security@vmware.com", "url": "https://spring.io/blog/2023/05/18/spring-boot-2-5-15-and-2-6-15-available-now"}, {"source": "security@vmware.com", "tags": ["Vendor Advisory"], "url": "https://spring.io/security/cve-2023-20873"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2023:7678", "cpe": "cpe:/a:redhat:amq_streams:2", "package": "spring-boot", "product_name": "Red Hat AMQ Streams 2.6.0", "release_date": "2023-12-06T00:00:00Z"}, {"advisory": "RHSA-2023:5147", "cpe": "cpe:/a:redhat:camel_spring_boot:3.18", "package": "spring-boot", "product_name": "RHINT Camel-Springboot 3.18.3.2", "release_date": "2023-09-13T00:00:00Z"}, {"advisory": "RHSA-2023:5148", "cpe": "cpe:/a:redhat:camel_spring_boot:3.20", "package": "spring-boot", "product_name": "RHINT Camel-Springboot 3.20.2", "release_date": "2023-09-13T00:00:00Z"}], "bugzilla": {"description": "spring-boot: Security Bypass With Wildcard Pattern Matching on Cloud Foundry", "id": "2231491", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2231491"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-284", "details": ["In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users should upgrade to 2.7.11+. Users of older, unsupported versions should upgrade to 3.0.6+ or 2.7.11+.", "A flaw was found in Spring Boot. This targets specifically 'spring-boot-actuator-autoconfigure' package. This issue occurs when an application is deployed to Cloud Foundry, which could be susceptible to a security bypass.\nSpecifically, an application is vulnerable when all of the following are true:\n* You have code that can handle requests that match /cloudfoundryapplication/**. Typically, this will be if there is a catch-all request mapping which matches /**.\n* The application is deployed to Cloud Foundry.\nAn application is not vulnerable if any of the following is true:\n* The application is not deployed to Cloud Foundry\n* You have disabled Cloud Foundry actuator endpoints with management.cloudfoundry.enabled set to false.\n* Your application does not have handler mappings that can handle requests to /cloudfoundryapplication/**."], "mitigation": {"lang": "en:us", "value": "Disable Cloud Foundry actuator endpoints by setting 'management.cloudfoundry.enabled' to false."}, "name": "CVE-2023-20873", "package_state": [{"cpe": "cpe:/a:redhat:a_mq_clients:2", "fix_state": "Not affected", "package_name": "spring-boot", "product_name": "A-MQ Clients 2"}, {"cpe": "cpe:/a:redhat:migration_toolkit_runtimes:1", "fix_state": "Not affected", "package_name": "spring-boot", "product_name": "Migration Toolkit for Runtimes"}, {"cpe": "cpe:/a:redhat:optaplanner:::el6", "fix_state": "Not affected", "package_name": "spring-boot", "product_name": "Red Hat build of OptaPlanner 8"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:8", "fix_state": "Not affected", "package_name": "spring-boot", "product_name": "Red Hat Data Grid 8"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:7", "fix_state": "Affected", "impact": "low", "package_name": "spring-boot", "product_name": "Red Hat Decision Manager 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "log4j:2/log4j", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "log4j", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Not affected", "package_name": "spring-boot", "product_name": "Red Hat Integration Camel K"}, {"cpe": "cpe:/a:redhat:amq_broker:7", "fix_state": "Not affected", "package_name": "spring-boot", "product_name": "Red Hat JBoss A-MQ 7"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:7", "fix_state": "Not affected", "package_name": "spring-boot", "product_name": "Red Hat JBoss Data Grid 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Not affected", "package_name": "spring-boot", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "fix_state": "Not affected", "package_name": "spring-boot", "product_name": "Red Hat JBoss Enterprise Application Platform 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Not affected", "package_name": "spring-boot", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Not affected", "package_name": "spring-boot", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:jboss_fuse:6", "fix_state": "Not affected", "package_name": "spring-boot", "product_name": "Red Hat JBoss Fuse 6"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Not affected", "package_name": "spring-boot", "product_name": "Red Hat JBoss Fuse 7"}, {"cpe": "cpe:/a:redhat:jboss_fuse_service_works:6", "fix_state": "Out of support scope", "package_name": "spring-boot", "product_name": "Red Hat JBoss Fuse Service Works 6"}, {"cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0", "fix_state": "Not affected", "package_name": "spring-boot", "product_name": "Red Hat OpenShift Application Runtimes"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Will not fix", "impact": "low", "package_name": "spring-boot", "product_name": "Red Hat Process Automation 7"}, {"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "fix_state": "Will not fix", "impact": "low", "package_name": "spring-boot", "product_name": "Red Hat Single Sign-On 7"}, {"cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0", "fix_state": "Affected", "package_name": "spring-boot", "product_name": "Red Hat support for Spring Boot"}], "public_date": "2023-05-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-20873\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-20873\nhttps://github.com/advisories/GHSA-g5h3-w546-pj7f\nhttps://spring.io/security/cve-2023-20873/"], "statement": "The following Red Hat products do not ship the affected software component and so are not affected:\n* Red Hat Enterprise Linux 8, 9\n* Enterprise Application Platform 6, 7, 8, XP\n* Data Grid 7, 8\n* Migration Toolkit for Runtimes\n* Red Hat Build of OptaPlanner\n* Red Hat Integration Camel-K\n* Red Hat AMQ Broker 7\n* Red Hat AMQ Clients 2\n* Red Hat AMQ Streams 2\n* Red Hat Fuse 6\n* Red Hat Fuse 7\n* Red Hat VertX 4\nThe following Red Hat products ship the affected software but do not enable or do not ship the vulnerable classes, and so are affected but at Low security impact.\n* Red Hat Decision Manager 7\n* Red Hat Process Automation Manager 7\n* Red Hat Single Sign-On 7", "threat_severity": "Important", "upstream_fix": "spring-boot 2.5.15, spring-boot 2.6.15, spring-boot 2.7.11, spring-boot 3.0.6"}