Skip to main content

CVE-2023-34034

Description

Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass.

NVD
Severity: CRITICAL
CVE ID: CVE-2023-34034
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
VMware
Severity: CRITICAL
CVE ID: CVE-2023-34034
CVSS Score: 9.1
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Refrence: NVDMITRE

Proof Of Concept

hotblac

Demonstration of CVE-2023-24034 authorization bypass in Spring Security

Refrence: GitHub

Last updated on by Vulnerability_bot_v1.3.8