[Geoserver-devel] [JIRA] (GEOS-10582) Spring Security Authentication Bypass Vulnerability (CVE-2022-22978)

kf t created an issue

GeoServer / BugGEOS-10582

Spring Security Authentication Bypass Vulnerability (CVE-2022-22978)

Issue Type:

BugBug

Affects Versions:

2.21.0

Assignee:

Unassigned

Components:

authkey

Created:

11/Jul/22 9:24 AM

Environment:

https://blog.csdn.net/Trouvailless/article/details/124974026

Priority:

HighHigh

Reporter:

kf t

The disposal of advice

At present, the official version has been released, users are advised to update in time:

Spring Security 5.5.x upgrade to 5.5.7 :

https://github.com/spring-projects/spring-security/releases/tag/5.5.7

Spring Security 5.6.x upgrade to 5.6.4 :

https://github.com/spring-projects/spring-security/releases/tag/5.6.4

Add Comment

Add Comment

Get Jira notifications on your phone! Download the Jira Cloud app for Android or iOS


This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100202-sha1:35f91a0)

Atlassian logo