CVE-2023-20862
Last modified
CVE-2023-20862 is a medium-severity vulnerability rated 6.3/10 on the CVSS scale. In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3, the logout support does not properly clean the security context if using serialized versions. Additionally, it is not possible to explicitly save an empty security context to the HttpSessionSecurityContextRepository. EPSS estimates a 0.65% chance of exploitation in the next 30 days.
Description
In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3, the logout support does not properly clean the security context if using serialized versions. Additionally, it is not possible to explicitly save an empty security context to the HttpSessionSecurityContextRepository. This vulnerability can keep users authenticated even after they performed logout. Users of affected versions should apply the following mitigation. 5.7.x users should upgrade to 5.7.8. 5.8.x users should upgrade to 5.8.3. 6.0.x users should upgrade to 6.0.3.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Vmware | Spring Security | >= 5.7.0, < 5.7.8 |
| Vmware | Spring Security | >= 5.8.0, < 5.8.3 |
| Vmware | Spring Security | >= 6.0.0, < 6.0.3 |
| Netapp | Active Iq Unified Manager | All versions |
References
- https://security.netapp.com/advisory/ntap-20230526-0002/Third Party Advisory
- https://spring.io/security/cve-2023-20862Vendor Advisory
- https://security.netapp.com/advisory/ntap-20230526-0002/Third Party Advisory
- https://spring.io/security/cve-2023-20862Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-20862?
How severe is CVE-2023-20862?
How do I fix CVE-2023-20862?
Are you affected by CVE-2023-20862?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST