Main Vulnerability Database Exploits ID:8924 - Exploit for Improper Authorization in Spring Security - CVE-2022-22978

ID:8924 - Exploit for Improper Authorization in Spring Security - CVE-2022-22978

Published: March 18, 2023

Vulnerability identifier: #VU63345

Vulnerability risk: High

CVE-ID: CVE-2022-22978

CWE-ID: CWE-285

Exploitation vector: Remote access

Vulnerable software:
Spring Security

Link to public exploit:

https://github.com/umakant76705/CVE-2022-22978

Vulnerability description

The vulnerability allows a remote attacker to bypass authorization process.

The vulnerability exists due to input validation error when processing untrusted input in applications that are using RegexRequestMatcher with `.` in the regular expression. A remote non-authenticated attacker can bypass authorization checks.

Remediation

Install updates from vendor's website.

ID:8924 - Exploit for Improper Authorization in Spring Security - CVE-2022-22978

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human