[Geoserver-devel] [JIRA] (GEOS-10582) Spring Security Authentication Bypass Vulnerability (CVE-2022-22978)

Mon, 11 Jul 2022 00:25:09 -0700 

kf t ( 
https://osgeo-org.atlassian.net/secure/ViewProfile.jspa?accountId=62cbc310078104d0866c87d8
 ) *created* an issue

GeoServer ( 
https://osgeo-org.atlassian.net/browse/GEOS?atlOrigin=eyJpIjoiNTMxZGI4NTg2MDY0NGIxMTgzMGEwZDY3N2UxNzM4NzMiLCJwIjoiaiJ9
 ) / Bug ( 
https://osgeo-org.atlassian.net/browse/GEOS-10582?atlOrigin=eyJpIjoiNTMxZGI4NTg2MDY0NGIxMTgzMGEwZDY3N2UxNzM4NzMiLCJwIjoiaiJ9
 ) GEOS-10582 ( 
https://osgeo-org.atlassian.net/browse/GEOS-10582?atlOrigin=eyJpIjoiNTMxZGI4NTg2MDY0NGIxMTgzMGEwZDY3N2UxNzM4NzMiLCJwIjoiaiJ9
 ) Spring Security Authentication Bypass Vulnerability (CVE-2022-22978) ( 
https://osgeo-org.atlassian.net/browse/GEOS-10582?atlOrigin=eyJpIjoiNTMxZGI4NTg2MDY0NGIxMTgzMGEwZDY3N2UxNzM4NzMiLCJwIjoiaiJ9
 )

Issue Type: Bug Affects Versions: 2.21.0 Assignee: Unassigned Components: 
authkey Created: 11/Jul/22 9:24 AM Environment:

https://blog.csdn.net/Trouvailless/article/details/124974026

Priority: High Reporter: kf t ( 
https://osgeo-org.atlassian.net/secure/ViewProfile.jspa?accountId=62cbc310078104d0866c87d8
 )

The disposal of advice

At present, the official version has been released, users are advised to update 
in time:

Spring Security 5.5.x upgrade to 5.5.7 :

https://github.com/spring-projects/spring-security/releases/tag/5.5.7

Spring Security 5.6.x upgrade to 5.6.4 :

https://github.com/spring-projects/spring-security/releases/tag/5.6.4

( 
https://osgeo-org.atlassian.net/browse/GEOS-10582#add-comment?atlOrigin=eyJpIjoiNTMxZGI4NTg2MDY0NGIxMTgzMGEwZDY3N2UxNzM4NzMiLCJwIjoiaiJ9
 ) Add Comment ( 
https://osgeo-org.atlassian.net/browse/GEOS-10582#add-comment?atlOrigin=eyJpIjoiNTMxZGI4NTg2MDY0NGIxMTgzMGEwZDY3N2UxNzM4NzMiLCJwIjoiaiJ9
 )

Get Jira notifications on your phone! Download the Jira Cloud app for Android ( 
https://play.google.com/store/apps/details?id=com.atlassian.android.jira.core&referrer=utm_source%3DNotificationLink%26utm_medium%3DEmail
 ) or iOS ( 
https://itunes.apple.com/app/apple-store/id1006972087?pt=696495&ct=EmailNotificationLink&mt=8
 ) This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100202- 
sha1:35f91a0 )

_______________________________________________
Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel














    











					Reply via email to