Lucene search
PRIOn knowledge basePRION:CVE-2023-34042HistoryFeb 05, 2024 - 10:15 p.m.
Design/Logic Flaw
2024-02-0522:15:00
PRIOn knowledge base
www.prio-n.com
6
design logic flaw
world writable
spring-security-config jar
exploit
cwe-732
permission assignment
update
spring security
nvd
The spring-security.xsd file inside the
spring-security-config jar is world writable which means that if it were
extracted it could be written by anyone with access to the file system.
While there are no known exploits, this is an example of “CWE-732:
Incorrect Permission Assignment for Critical Resource” and could result
in an exploit. Users should update to the latest version of Spring
Security to mitigate any future exploits found around this issue.
References
Related
ibm
ibm
nvd
nvd
CVE-2023-34042
2024-02-05 22:15:55
veracode
veracode
Incorrect File Permission
2024-02-07 07:52:57
github
github
Spring Security's spring-security.xsd file is world writable
2024-02-06 00:30:25
cvelist
cvelist
CVE-2023-34042
2024-02-05 22:00:01
redhatcve
redhatcve
CVE-2023-34042
2024-02-06 05:30:49
osv
osv
CVE-2023-34042
2024-02-05 22:15:55
Spring Security's spring-security.xsd file is world writable
2024-02-06 00:30:25
vulnrichment
vulnrichment
CVE-2023-34042
2024-02-05 22:00:01
cve
cve
CVE-2023-34042
2024-02-05 22:15:55