CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS
Percentile
29.7%
spring-security-config is vulnerable to Authorization Rule Misconfiguration. The vulnerability exists due to the lack of validation in the RequestMatcher
of AbstractRequestMatcherRegistry.java
when the application uses the requestMatchers(String)
function with multiple servlets, one of them being Spring MVCâs DispatcherServlet
.