F5:K000134945
Jun 07, 2023 - 12:00 a.m.

K000134945 : Spring Boot vulnerability CVE-2022-46166

2023-06-07 00:00:00
my.f5.com
spring boot admin
vulnerability
upgrade
versions 2.6.10
2.7.8
ui access
environment variables

AI Score: 6.8 Medium (Confidence: High)

EPSS: 0.003 Low (Percentile: 70.2%)

Security Advisory Description

Spring Boot Admin is an open source administrative user interface for management of Spring Boot applications. All users who run Spring Boot Admin Server with Notifiers enabled (e.g. Teams-Notifier) and with write access to environment variables via the UI are affected. Users are advised to upgrade to the most recent releases of Spring Boot Admin, 2.6.10 and 2.7.8, to resolve this issue. Users unable to upgrade may disable any notifier or disable write access (POST request) on the /env actuator endpoint. (CVE-2022-46166)
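The following audit script is an added example, not part of the F5 advisory or the Spring Boot Admin project. It checks a deployment against the three conditions described above: an unfixed release, an enabled notifier, and a writable /env endpoint. The property names (spring.boot.admin.notify.<name>.* and management.endpoint.env.post.enabled), the reading of an absent key as disabled, and the treatment of release lines older than 2.6 are assumptions.

```python
import re

# Fixed releases named in the advisory, keyed by (major, minor) release line.
FIXED = {(2, 6): 10, (2, 7): 8}
# Assumed property names (not given in the advisory).
NOTIFY_RE = re.compile(r"^spring\.boot\.admin\.notify\.([a-z0-9-]+)\.")
ENV_POST_KEY = "management.endpoint.env.post.enabled"

def parse_properties(text):
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!":  # skip blanks and comments
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def version_status(version):
    """Return 'fixed', 'unfixed' or 'unknown' for a Spring Boot Admin version."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        return "unknown"
    major, minor, patch = map(int, m.groups())
    if (major, minor) in FIXED:
        return "fixed" if patch >= FIXED[(major, minor)] else "unfixed"
    # Assumption: lines older than 2.6 have no fix; newer lines are not in the advisory.
    return "unfixed" if (major, minor) < (2, 6) else "unknown"

def enabled_notifiers(props):
    """Notifier names that have settings and are not switched off via .enabled=false."""
    names = {m.group(1) for m in map(NOTIFY_RE.match, props) if m}
    return sorted(n for n in names if props.get(
        f"spring.boot.admin.notify.{n}.enabled", "true").lower() != "false")

def audit(version, properties_text):
    """Check the advisory's three conditions: release, notifiers, writable /env."""
    props = parse_properties(properties_text)
    status, notifiers = version_status(version), enabled_notifiers(props)
    # Assumption: an absent key means POST on /env is disabled.
    env_post = props.get(ENV_POST_KEY, "false").lower() == "true"
    return {"version": status, "notifiers": notifiers, "env_post": env_post,
            "needs_action": status != "fixed" and bool(notifiers) and env_post}

SAMPLE = """\
# Constructed sample configuration, not from any real deployment.
spring.boot.admin.notify.ms-teams.webhook-url=https://example.invalid/hook
spring.boot.admin.notify.mail.enabled=false
management.endpoint.env.post.enabled=true
"""
```

Calling audit("2.7.7", SAMPLE) flags the deployment; the same configuration on 2.7.8, or with the /env POST switch set to false, does not.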

Impact

There is no impact; F5 products are not affected by this vulnerability.
