{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-29T17:02:46.422","vulnerabilities":[{"cve":{"id":"CVE-2023-45669","sourceIdentifier":"security-advisories@github.com","published":"2023-10-16T19:15:11.167","lastModified":"2024-11-21T08:27:10.693","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"WebAuthn4J Spring Security provides Web Authentication specification support for Spring applications. Affected versions are subject to improper signature counter value handling. A flaw was found in webauthn4j-spring-security-core. When an authneticator returns an incremented signature counter value during authentication, webauthn4j-spring-security-core does not properly persist the value, which means cloned authenticator detection does not work. An attacker who cloned valid authenticator in some way can use the cloned authenticator without being detected. This issue has been addressed in version `0.9.1.RELEASE`. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n"},{"lang":"es","value":"WebAuthn4J Spring Security proporciona soporte de especificación de autenticación web para aplicaciones Spring. Las versiones afectadas están sujetas a un manejo inadecuado del valor del contador de firmas. Se encontró una falla en webautn4j-spring-security-core. Cuando un autenticador devuelve un valor de contador de firma incrementado durante la autenticación, webauthn4j-spring-security-core no conserva correctamente el valor, lo que significa que la detección del autenticador clonado no funciona. Un atacante que clonó un autenticador válido de alguna manera puede utilizar el autenticador clonado sin ser detectado. Este problema se solucionó en la versión `0.9.1.RELEASE`. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:webauthn4j:spring_security:*:*:*:*:*:spring:*:*","versionEndExcluding":"0.9.1","matchCriteriaId":"C036992E-5946-498B-A788-E72C49955376"}]}]}],"references":[{"url":"https://github.com/webauthn4j/webauthn4j-spring-security/commit/129700d74d83f9b9a82bf88ebc63707e3cb0a725","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/webauthn4j/webauthn4j-spring-security/security/advisories/GHSA-v9hx-v6vf-g36j","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-sign-counter","source":"security-advisories@github.com","tags":["Technical Description"]},{"url":"https://github.com/webauthn4j/webauthn4j-spring-security/commit/129700d74d83f9b9a82bf88ebc63707e3cb0a725","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/webauthn4j/webauthn4j-spring-security/security/advisories/GHSA-v9hx-v6vf-g36j","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-sign-counter","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Technical Description"]}]}}]}