Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows attacker to render security annotations inaffective.
Metrics
Affected Vendors & Products
References
History
Tue, 20 Aug 2024 21:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
threat_severity
|
Tue, 20 Aug 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 20 Aug 2024 03:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows attacker to render security annotations inaffective. | |
Title | Missing Authorization When Using @AuthorizeReturnObject | |
Weaknesses | CWE-287 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: vmware
Published: 2024-08-20T03:35:24.795Z
Updated: 2024-08-20T13:34:50.068Z
Reserved: 2024-06-19T22:31:57.187Z
Link: CVE-2024-38810
Vulnrichment
Updated: 2024-08-20T13:34:46.333Z
NVD
Status : Awaiting Analysis
Published: 2024-08-20T04:15:07.993
Modified: 2024-08-20T15:44:20.567
Link: CVE-2024-38810
Redhat