In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to
5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8,
versions 6.2.x prior to 6.2.3, an application is possible vulnerable to
broken access control when it directly uses the AuthenticatedVoter#vote passing a null Authentication parameter.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: vmware
Published: 2024-03-18T14:18:52.986Z
Updated: 2024-08-01T22:43:34.618Z
Reserved: 2024-01-08T18:43:15.942Z
Link: CVE-2024-22257
Vulnrichment
Updated: 2024-08-01T22:43:34.618Z
NVD
Status : Awaiting Analysis
Published: 2024-03-18T15:15:41.790
Modified: 2024-04-19T07:15:09.223
Link: CVE-2024-22257
Redhat