How severe is CVE-2023-20873?

CVE-2023-20873 has a severity rating of 9.8 out of 10, making it a critical vulnerability.

How can I mitigate CVE-2023-20873?

To mitigate CVE-2023-20873, users of affected versions should upgrade to Spring Boot 3.0.6+ or 2.7.11+ depending on the version being used.

Where can I find more information about CVE-2023-20873?

Additional information about CVE-2023-20873 can be found at the following references: https://security.netapp.com/advisory/ntap-20230601-0009/ and https://spring.io/blog/2023/05/18/spring-boot-2-5-15-and-2-6-15-available-now

Vulnerability/
CVE-2023-20873

critical

9.8

20/4/2023

2/8/2024

CVE-2023-20873

Q: What is CVE-2023-20873?

CVE-2023-20873 is a vulnerability in Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions that could lead to a security bypass.

First published: Thu Apr 20 2023(Updated: )

In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users should upgrade to 2.7.11+. Users of older, unsupported versions should upgrade to 3.0.6+ or 2.7.11+.

Credit: security@vmware.com security@vmware.com security@vmware.com

Affected Software	Affected Version	How to fix
redhat/spring-boot	<2.5.15	2.5.15
redhat/spring-boot	<2.6.15	2.6.15
redhat/spring-boot	<2.7.11	2.7.11
redhat/spring-boot	<3.0.6	3.0.6
maven/org.springframework.boot:spring-boot-actuator-autoconfigure	<2.5.15	2.5.15
maven/org.springframework.boot:spring-boot-actuator-autoconfigure	>=2.6.0<2.6.15	2.6.15
maven/org.springframework.boot:spring-boot-actuator-autoconfigure	>=2.7.0<2.7.11	2.7.11
maven/org.springframework.boot:spring-boot-actuator-autoconfigure	>=3.0.0<3.0.6	3.0.6
VMware Spring Boot	<2.5.15
VMware Spring Boot	>=2.6.0<2.6.14
VMware Spring Boot	>=2.7.0<2.7.11
VMware Spring Boot	>=3.0.0<3.0.6

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2023-20873?
CVE-2023-20873 is a vulnerability in Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions that could lead to a security bypass.
How severe is CVE-2023-20873?
CVE-2023-20873 has a severity rating of 9.8 out of 10, making it a critical vulnerability.
How can I mitigate CVE-2023-20873?
To mitigate CVE-2023-20873, users of affected versions should upgrade to Spring Boot 3.0.6+ or 2.7.11+ depending on the version being used.
Where can I find more information about CVE-2023-20873?
Additional information about CVE-2023-20873 can be found at the following references: https://security.netapp.com/advisory/ntap-20230601-0009/ and https://spring.io/blog/2023/05/18/spring-boot-2-5-15-and-2-6-15-available-now

collector/nvd-index
agent/type
agent/author
agent/severity
agent/description
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2023-20873
agent/software-canonical-lookup
collector/nvd-api
agent/software-canonical-lookup-request
agent/references
collector/nvd-cve
source/NVD
collector/github-advisory-latest
source/GitHub
alias/GHSA-g5h3-w546-pj7f
collector/github-advisory
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/trending
agent/tags
agent/source
vendor/vmware
canonical/vmware spring boot
version/vmware spring boot/2.6.0
version/vmware spring boot/2.7.0
version/vmware spring boot/3.0.0
package-manager/redhat
package-manager/maven

CVE-2023-20873

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2023-20873?

How severe is CVE-2023-20873?

How can I mitigate CVE-2023-20873?

Where can I find more information about CVE-2023-20873?

Company

Resources

Contact