Main Vulnerability Database Exploits ID:10782 - Exploit for Improper Authorization in Spring Security - CVE-2024-38821

ID:10782 - Exploit for Improper Authorization in Spring Security - CVE-2024-38821

Published: October 30, 2024

Vulnerability identifier: #VU99267

Vulnerability risk: Medium

CVE-ID: CVE-2024-38821

CWE-ID: CWE-285

Exploitation vector: Remote access

Vulnerable software:
Spring Security

Link to public exploit:

https://github.com/mouadk/cve-2024-38821

Vulnerability description

The vulnerability allows a remote attacker to bypass authorization.

The vulnerability exists due to improper implementation of authorization checks when accessing static resources in WebFlux application. A remote non-authenticated attacker can bypass authorization process and gain unauthorized access to the application.

Remediation

Install updates from vendor's website.

ID:10782 - Exploit for Improper Authorization in Spring Security - CVE-2024-38821

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human