CVE-2024-38810

Summary

Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows attacker to render security annotations inaffective.

Affected Software

VendorProductVersion RangeStatus
springspring security6.3.x < 6.3.2affected

Weaknesses

  • CWE-287: CWE-287 Improper Authentication

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References