ID:7410 - Exploit for Security features bypass in Spring Cloud Gateway - CVE-2022-22946

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Exploits ID:7410 - Exploit for Security features bypass in Spring Cloud Gateway - CVE-2022-22946

ID:7410 - Exploit for Security features bypass in Spring Cloud Gateway - CVE-2022-22946

Published: March 3, 2022


Vulnerability identifier: #VU60983
Vulnerability risk: Low
CVE-ID: CVE-2022-22946
CWE-ID: CWE-254
Exploitation vector: Local access
Vulnerable software:
Spring Cloud Gateway

Link to public exploit:


Vulnerability description

The vulnerability allows a local user to bypass security restrictions.

The vulnerability exists due to a security bypass issue when using an HTTP2 insecure TrustManager. A local user can send a specially crafted request and connect to remote services with invalid or custom certificates.


Remediation

Install updates from vendor's website.