漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Authentication Bypass under Actuator Health groups paths
Vulnerability Description
Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under a specific path, already configured for a Health Group additional path. This issue affects Spring Boot: from 4.0 before 4.0.3, from 3.5 before 3.5.11, from 3.4 before 3.4.15. This CVE is similar but not equivalent to CVE-2026-22733, as the conditions for exploit and vulnerable versions are different.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Vulnerability Type
使用候选路径或通道进行的认证绕过
Vulnerability Title
VMware Spring Boot 安全漏洞
Vulnerability Description
VMware Spring Boot是美国威睿(VMware)公司的一套开源框架。 VMware Spring Boot 4.0.3之前版本、3.5.11之前版本和3.4.15之前版本存在安全漏洞,该漏洞源于当已为Health Group附加路径配置的特定路径下声明需要身份验证的应用程序端点时,可能导致身份验证绕过。
CVSS Information
N/A
Vulnerability Type
N/A