You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Affected versions of this package are vulnerable to Improper Access Control when the application uses AuthenticatedVoter directly and a null authentication parameter is passed to it. Exploiting this vulnerability resulting in an erroneous true return value.
Note
Users are not affected if:
The application does not use AuthenticatedVoter#vote directly.
The application does not pass null to AuthenticatedVoter#vote.
Remediation
Upgrade org.springframework.security:spring-security-core to version 5.7.12, 5.8.11, 6.0.10, 6.1.8, 6.2.3 or higher.
Overview
org.springframework.security:spring-security-core is a package that provides security services for the Spring IO Platform.
Affected versions of this package are vulnerable to Improper Access Control when the application uses
AuthenticatedVoterdirectly and anullauthentication parameter is passed to it. Exploiting this vulnerability resulting in an erroneoustruereturn value.Note
Users are not affected if:
The application does not use
AuthenticatedVoter#votedirectly.The application does not pass
nulltoAuthenticatedVoter#vote.Remediation
Upgrade
org.springframework.security:spring-security-coreto version 5.7.12, 5.8.11, 6.0.10, 6.1.8, 6.2.3 or higher.References
The text was updated successfully, but these errors were encountered: