CVE-2023-40788

EUVD-2023-45339
SpringBlade <=V3.6.0 is vulnerable to Incorrect Access Control due to incorrect configuration in the default gateway resulting in unauthorized access to error logs
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 21%
Affected Products (NVD)
VendorProductVersion
bladexspringblade
𝑥
≤ 3.6.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://gist.github.com/kaliwin/89276ec7e97f9529c989bd77706c29c7
https://github.com/chillzhuang/SpringBlade
https://github.com/chillzhuang/SpringBlade/blob/master/blade-gateway/src/main/java/org/springblade/gateway/provider/AuthProvider.java
https://gist.github.com/kaliwin/89276ec7e97f9529c989bd77706c29c7
https://github.com/chillzhuang/SpringBlade
https://github.com/chillzhuang/SpringBlade/blob/master/blade-gateway/src/main/java/org/springblade/gateway/provider/AuthProvider.java