Lucene search
PRIOn knowledge basePRION:CVE-2023-22602HistoryJan 14, 2023 - 10:15 a.m.
Authentication flaw
2023-01-1410:15:00
PRIOn knowledge base
www.prio-n.com
6
apache shiro
spring boot
authentication bypass
http request
pattern matching
mitigation
update
nvd
When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot < 2.6 default to Ant style pattern matching. Mitigation: Update to Apache Shiro 1.11.0, or set the following Spring Boot configuration value: spring.mvc.pathmatch.matching-strategy = ant_path_matcher
| CPE | Name | Operator | Version |
|---|---|---|---|
| shiro | lt | 1.11.0 | |
| spring_boot | eq | 2.6.0 |
Related
nvd
nvd
CVE-2023-22602
2023-01-14 10:15:09
debiancve
debiancve
CVE-2023-22602
2023-01-14 10:15:09
ibm
ibm
cvelist
cvelist
osv
osv
CVE-2023-22602
2023-01-14 10:15:09
Apache Shiro Interpretation Conflict vulnerability
2023-01-14 12:30:23
redhatcve
redhatcve
CVE-2023-22602
2023-03-27 21:35:08
ubuntucve
ubuntucve
CVE-2023-22602
2023-01-14 00:00:00
github
github
Apache Shiro Interpretation Conflict vulnerability
2023-01-14 12:30:23
cve
cve
CVE-2023-22602
2023-01-14 10:15:09
nessus
nessus
Apache Shiro < 1.11.0 Authentication Bypass
2023-09-25 00:00:00
veracode
veracode
Authentication Bypass
2023-10-13 18:43:28
redhat
redhat