{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-09T18:42:47.352","vulnerabilities":[{"cve":{"id":"CVE-2023-34042","sourceIdentifier":"security@vmware.com","published":"2024-02-05T22:15:55.210","lastModified":"2025-06-03T19:15:32.450","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The spring-security.xsd file inside the \nspring-security-config jar is world writable which means that if it were\n extracted it could be written by anyone with access to the file system.\n\n\nWhile there are no known exploits, this is an example of “CWE-732: \nIncorrect Permission Assignment for Critical Resource” and could result \nin an exploit. Users should update to the latest version of Spring \nSecurity to mitigate any future exploits found around this issue.\n\n\n\n\n\n"},{"lang":"es","value":"El archivo spring-security.xsd dentro del jar spring-security-config se puede escribir en todo el mundo, lo que significa que si se extrajera, cualquier persona con acceso al sistema de archivos podría escribirlo. Si bien no se conocen exploits, este es un ejemplo de \"CWE-732: Asignación de permisos incorrecta para recursos críticos\" y podría resultar en un exploit. Los usuarios deben actualizar a la última versión de Spring Security para mitigar cualquier vulnerabilidad futura que se encuentre en torno a este problema."}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N","baseScore":4.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":0.5,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-732"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-732"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*","versionStartIncluding":"5.8.4","versionEndExcluding":"5.8.7","matchCriteriaId":"C39570F8-3624-4CC5-AFC0-E45B060BDEAF"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.4","versionEndExcluding":"6.0.7","matchCriteriaId":"D26A2C2D-651A-4696-A7EF-36172BDA70FE"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.1","versionEndExcluding":"6.1.4","matchCriteriaId":"1AA03FA3-ACE0-4B22-B084-DEC834EB2F5A"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_security:5.7.9:*:*:*:*:*:*:*","matchCriteriaId":"61397AD3-0A8F-4B9A-9B66-E27CA64392A0"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:spring_security:5.7.10:*:*:*:*:*:*:*","matchCriteriaId":"E23F4313-761C-4A30-A891-156EFF583822"}]}]}],"references":[{"url":"https://spring.io/security/cve-2023-34042","source":"security@vmware.com","tags":["Vendor Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20241129-0010/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://spring.io/security/cve-2023-34042","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}