9.8
CVE-2022-46166
- EPSS 23.37%
- Published 09.12.2022 21:15:14
- Last modified 21.11.2024 07:30:14
- Source security-advisories@github.com
Spring Boot Admin is an open source administrative user interface for managing Spring Boot applications. All users who run Spring Boot Admin Server with Notifiers enabled (e.g. the Teams notifier) and with write access to environment variables via the UI are affected. Users are advised to upgrade to the fixed releases, Spring Boot Admin 2.6.10 (2.6 line) or 2.7.8 (2.7 line), to resolve this issue. Users unable to upgrade may disable notifiers or disable write access (POST requests) on the `/env` actuator endpoint; either one removes the precondition the advisory names.
Data provided by the National Vulnerability Database (NVD)
Codecentric ≫ Spring Boot Admin Version < 2.6.10
Codecentric ≫ Spring Boot Admin Version >= 2.7.0 < 2.7.8
Codecentric ≫ Spring Boot Admin Version 3.0.0 Update m1 (3.0.0-M1)
Codecentric ≫ Spring Boot Admin Version 3.0.0 Update m2 (3.0.0-M2)
Codecentric ≫ Spring Boot Admin Version 3.0.0 Update m3 (3.0.0-M3)
Codecentric ≫ Spring Boot Admin Version 3.0.0 Update m4 (3.0.0-M4)
Codecentric ≫ Spring Boot Admin Version 3.0.0 Update m5 (3.0.0-M5)
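The following triage helper is an added example, not code from the advisory or from the Spring Boot Admin project. It checks a deployed version against the affected ranges listed above (< 2.6.10, >= 2.7.0 < 2.7.8, and the 3.0.0 milestones M1 through M5), then applies the advisory's precondition (a notifier enabled and write access to `/env`) and its workaround to produce a recommendation. The milestone notation it accepts (`3.0.0-M5`, `3.0.0.RC1`) and the sample inventory are assumptions for illustration; whether a given instance has notifiers or `/env` POST enabled is supplied by the reader as booleans, the script does not probe anything.

```python
import re

# Added example (not from the advisory or the Spring Boot Admin project): triage a
# deployed Spring Boot Admin version against the affected ranges listed on this page
# for CVE-2022-46166, then apply the advisory's precondition (a notifier enabled AND
# write access to /env) and its workaround to produce a recommendation.

# Affected ranges as listed on this page:
#   < 2.6.10 ; >= 2.7.0 and < 2.7.8 ; 3.0.0 milestones M1 through M5
# Fixed releases named in the advisory text: 2.6.10 and 2.7.8.
FIXED_RELEASES = ("2.6.10", "2.7.8")

STATUS_NOT_AFFECTED = "not_affected"   # version outside the listed ranges
STATUS_MITIGATED = "mitigated"         # affected version, but workaround in place
STATUS_VULNERABLE = "vulnerable"       # affected version and precondition met

# Accepts "2.7.7", "3.0.0-M5", "3.0.0.RC1"; the qualifier style is an assumption
# about how milestone versions are written in the deployment inventory.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[-.]?(M|RC)(\d+))?$", re.IGNORECASE)


def parse_version(text):
    """Parse major.minor.patch plus optional Mn/RCn qualifier into a sortable tuple.

    Milestones sort before release candidates, which sort before the final release,
    so range comparisons treat 3.0.0-M5 as earlier than 3.0.0.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Spring Boot Admin version: {text!r}")
    major, minor, patch = int(m.group(1)), int(m.group(2)), int(m.group(3))
    if m.group(4):
        rank = {"M": 0, "RC": 1}[m.group(4).upper()]
        pre = (rank, int(m.group(5)))
    else:
        pre = (2, 0)  # final release: after every M/RC of the same number
    return (major, minor, patch, pre)


def is_affected(version_text):
    """True if the version falls in one of the ranges listed on this page."""
    v = parse_version(version_text)
    if v < parse_version("2.6.10"):
        return True
    if parse_version("2.7.0") <= v < parse_version("2.7.8"):
        return True
    major, minor, patch, (rank, number) = v
    if (major, minor, patch) == (3, 0, 0) and rank == 0 and 1 <= number <= 5:
        return True
    return False  # anything else is not in the page's affected list


def assess(version_text, notifiers_enabled, env_post_enabled):
    """Apply the advisory's precondition and workaround to one instance.

    Returns (status, recommendation). An affected version is only exploitable when a
    notifier is enabled and /env accepts POST; disabling either is the stated workaround.
    """
    if not is_affected(version_text):
        return (STATUS_NOT_AFFECTED, "no action for this CVE")
    upgrade = "upgrade to %s or %s" % FIXED_RELEASES
    if notifiers_enabled and env_post_enabled:
        return (STATUS_VULNERABLE,
                upgrade + "; until then disable notifiers or POST on /env")
    return (STATUS_MITIGATED, upgrade + " (workaround currently in place)")


def triage(inventory):
    """Run assess() over a list of instance dicts; returns {name: (status, advice)}."""
    return {
        inst["name"]: assess(inst["version"], inst["notifiers_enabled"], inst["env_post_enabled"])
        for inst in inventory
    }


# Constructed sample inventory (not real hosts) exercising each outcome.
SAMPLE_INVENTORY = [
    {"name": "admin-prod", "version": "2.7.7", "notifiers_enabled": True, "env_post_enabled": True},
    {"name": "admin-staging", "version": "2.6.9", "notifiers_enabled": True, "env_post_enabled": False},
    {"name": "admin-lab", "version": "3.0.0-M5", "notifiers_enabled": False, "env_post_enabled": True},
    {"name": "admin-new", "version": "2.7.8", "notifiers_enabled": True, "env_post_enabled": True},
]

if __name__ == "__main__":
    for name, (status, advice) in triage(SAMPLE_INVENTORY).items():
        print(f"{name:14s} {status:13s} {advice}")
```

The "mitigated" status is deliberately not "safe": the workaround removes the precondition the advisory names, but the recommendation still says to upgrade, because any later change that re-enables a notifier or `/env` writes reopens the issue.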
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 23.37% | 0.958 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| security-advisories@github.com | 8.0 | 1.3 | 6.0 | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H |

The two vectors differ on who can trigger the issue: NVD scores it as reachable without privileges or user interaction (PR:N/UI:N), while the GitHub advisory vector assumes a low-privileged user and user interaction (PR:L/UI:R), which matches the precondition in the description (write access to environment variables via the UI, with a notifier enabled). When prioritising, read the 9.8 together with that precondition rather than on its own.
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.