How severe is CVE-2023-20862?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.3 out of 10.

What type of vulnerability is CVE-2023-20862?

This is classified as CWE-459, which is a common weakness in software security.

CVE-2023-20862 - MEDIUM Severity | CVSS 6.3

Vulnerability Description

In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3, the logout support does not properly clean the security context if using serialized versions. Additionally, it is not possible to explicitly save an empty security context to the HttpSessionSecurityContextRepository. This vulnerability can keep users authenticated even after they performed logout. Users of affected versions should apply the following mitigation. 5.7.x users should upgrade to 5.7.8. 5.8.x users should upgrade to 5.8.3. 6.0.x users should upgrade to 6.0.3.

Related Vulnerabilities

CVE-2024-23672

MEDIUM

CVSS:6.3(Medium)

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue a...

CWE-4592024

CVE-2019-12902

MEDIUM

CVSS:6.5(Medium)

Pydio Cells before 1.5.0 does incomplete cleanup of a user's data upon deletion. This allows a new user, holding the same User ID as a deleted user, to restore the deleted user's data.

CWE-4592019

CVE-2020-12414

MEDIUM

CVSS:6.5(Medium)

IndexedDB should be cleared when leaving private browsing mode and it is not, the API for WKWebViewConfiguration was being used incorrectly and requires the private instance of this object be deleted ...

CWE-4592020

CVE-2020-12624

MEDIUM

CVSS:6.5(Medium)

The League application before 2020-05-02 on Android sends a bearer token in an HTTP Authorization header to an arbitrary web site that hosts an external image because an OkHttp object is reused, which...

CWE-4592020

CVE-2020-13346

MEDIUM

CVSS:6.5(Medium)

Membership changes are not reflected in ToDo subscriptions in GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, allowing guest users to access confidential issues through API.

CWE-4592020

CVE-2022-37428

MEDIUM

CVSS:6.5(Medium)

PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logging is enabled, has Improper Cleanup upon a Thrown Exception, leading to a denial of service (daemon crash) via a DNS qu...

CWE-4592022