CVE-2023-20862

EPSS 0.46% · P64 Updated Feb 05, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-20862

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3, the logout support does not properly clean the security context if using serialized versions. Additionally, it is not possible to explicitly save an empty security context to the HttpSessionSecurityContextRepository. This vulnerability can keep users authenticated even after they performed logout. Users of affected versions should apply the following mitigation. 5.7.x users should upgrade to 5.7.8. 5.8.x users should upgrade to 5.8.3. 6.0.x users should upgrade to 6.0.3.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Spring Framework 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Spring Framework是美国Spring团队的一套开源的Java、JavaEE应用程序框架。该框架可帮助开发人员构建高质量的应用。 Spring Security 5.7.x 系列5.7.8 之前版本、 5.8.x系列5.8.3 之前的版本和6.0.x系列 6.0.3 之前的版本存在安全漏洞，该漏洞源于如果使用序列化版本，注销支持不会正确清理Security上下文。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	Spring Security	Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3	-

II. Public POCs for CVE-2023-20862

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2023-20862

请登录查看更多情报信息。

Same Patch Batch · n/a · 2023-04-19 · 67 CVEs total

CVE-2021-0875		Google Android 输入验证错误漏洞
CVE-2023-28122		UI Desktop 安全漏洞
CVE-2023-23451		多款SICK产品访问控制错误漏洞
CVE-2023-22894		Strapi 安全漏洞
CVE-2023-29923		PowerJob 安全漏洞
CVE-2023-29586		Code Sector TeraCopy 安全漏洞
CVE-2023-29922		PowerJob 安全漏洞
CVE-2021-0872		Google Android 输入验证错误漏洞
CVE-2021-0873		Google Android 输入验证错误漏洞
CVE-2021-0874		Google Android 输入验证错误漏洞
CVE-2023-27777		Sourcecodester Online Jewelry Shop 跨站脚本漏洞
CVE-2021-0876		Google Android 输入验证错误漏洞
CVE-2021-0878		Google Android 输入验证错误漏洞
CVE-2021-0879		Google Android 输入验证错误漏洞
CVE-2021-0880		Google Android 输入验证错误漏洞
CVE-2021-0881		Google Android 输入验证错误漏洞
CVE-2021-0882		Google Android 输入验证错误漏洞
CVE-2021-0883		Google Android 输入验证错误漏洞
CVE-2021-0884		Google Android 输入验证错误漏洞
CVE-2021-0885		Google Android 输入验证错误漏洞

Showing top 20 of 67 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Spring Security

Same vendor: n/a

V. Comments for CVE-2023-20862

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2023-20862

I. Basic Information for CVE-2023-20862

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2023-20862

III. Intelligence Information for CVE-2023-20862

Same Patch Batch · n/a · 2023-04-19 · 67 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2023-20862

Leave a comment