CVE-2024-22257

CVSS v3 Score
8.2
High

Vulnerability Description

In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, 6.0.x prior to 6.0.9, 6.1.x prior to 6.1.8, and 6.2.x prior to 6.2.3, an application is possibly vulnerable to broken access control when it directly uses AuthenticatedVoter#vote and passes a null Authentication parameter.

CVSS:8.2(High)

bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04), does not properly restrict VMCS and VMCB read/write operations, as demonst...

CVSS:8.2(High)

Missing Authorization in GitHub repository gogs/gogs prior to 0.12.5.

CVSS:8.2(High)

Aethon TUG Home Base Server versions prior to version 24 are affected by an unauthenticated attacker who can freely access hashed user credentials.

CVSS:8.2(High)

It was possible to bypass Lock WARP switch feature https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch on the WARP iOS mobile client by en...

CVSS:8.2(High)

org.xwiki.platform:xwiki-platform-user-profile-ui is missing authorization to enable or disable users. Any user (logged in or not) with access to the page XWiki.XWikiUserProfileSheet can enable or dis...

CVSS:8.2(High)

In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10, an unauthenticated remote attacker can access upload-functions of the HTTP API. This might cause certificate errors for SSL-co...