CVE-2023-40788

Опубликовано: 19 сент. 2023

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

SpringBlade <=V3.6.0 is vulnerable to Incorrect Access Control due to incorrect configuration in the default gateway resulting in unauthorized access to error logs

Ссылки

https://gist.github.com/kaliwin/89276ec7e97f9529c989bd77706c29c7
Third Party Advisory
https://github.com/chillzhuang/SpringBlade
Product
https://github.com/chillzhuang/SpringBlade/blob/master/blade-gateway/src/main/java/org/springblade/gateway/provider/AuthProvider.java
Exploit
https://gist.github.com/kaliwin/89276ec7e97f9529c989bd77706c29c7
Third Party Advisory
https://github.com/chillzhuang/SpringBlade
Product
https://github.com/chillzhuang/SpringBlade/blob/master/blade-gateway/src/main/java/org/springblade/gateway/provider/AuthProvider.java
Exploit

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:bladex:springblade:*:*:*:*:*:*:*:*

Версия до 3.6.0 (включая)

EPSS

Процентиль: 22%

0.00072

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-668

Связанные уязвимости

GHSA-64jv-m5p4-8qqx