Back to bug 2231491
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Pedro Sampaio | 2023-08-11 17:31:08 UTC | Depends On | | 2231492 |
| Pedro Sampaio | 2023-08-11 17:34:02 UTC | Depends On | | 2231495, 2231493, 2231494 |
| Pedro Sampaio | 2023-08-11 17:50:18 UTC | Blocks | | 2188521 |
| Patrick Del Bello | 2023-08-11 18:46:01 UTC | Doc Text | | A flaw was found under Spring Boot. An application that is deployed to Cloud Foundry could be susceptible to a security bypass. |
| Patrick Del Bello | 2023-08-14 21:37:58 UTC | Alias | TRIAGE-CVE-2023-20873 | CVE-2023-20873 |
| Patrick Del Bello | 2023-08-14 21:37:58 UTC | Summary | TRIAGE-CVE-2023-20873 spring-boot: Security Bypass With Wildcard Pattern Matching on Cloud Foundry | CVE-2023-20873 spring-boot: Security Bypass With Wildcard Pattern Matching on Cloud Foundry |
| Paige Jung | 2023-08-14 22:16:33 UTC | Doc Text | A flaw was found under Spring Boot. An application that is deployed to Cloud Foundry could be susceptible to a security bypass. | A flaw was found in Spring Boot. This issue occurs when an application is deployed to Cloud Foundry, which could be susceptible to a security bypass. |
| Patrick Del Bello | 2023-08-16 13:58:23 UTC | Doc Text | A flaw was found in Spring Boot. This issue occurs when an application is deployed to Cloud Foundry, which could be susceptible to a security bypass. | A flaw was found in Spring Boot. This targets specifically 'spring-boot-actuator-autoconfigure' package. This issue occurs when an application is deployed to Cloud Foundry, which could be susceptible to a security bypass. Specifically, an application is vulnerable when all of the following are true: * You have code that can handle requests that match /cloudfoundryapplication/**. Typically, this will be if there is a catch-all request mapping which matches /**. * The application is deployed to Cloud Foundry. An application is not vulnerable if any of the following is true: * The application is not deployed to Cloud Foundry * You have disabled Cloud Foundry actuator endpoints with management.cloudfoundry.enabled set to false. * Your application does not have handler mappings that can handle requests to /cloudfoundryapplication/**. |