CVE-2023-34034
Description
Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass.
NVD
Severity: CRITICAL
CVE ID: CVE-2023-34034
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
VMware
Severity: CRITICAL
CVE ID: CVE-2023-34034
CVSS Score: 9.1
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Proof Of Concept
hotblac
Demonstration of CVE-2023-24034 authorization bypass in Spring Security
Refrence: GitHub