CVSS Score: -

Basic Information

CVE ID: -
GHSA ID: -
EPSS Score: -
CWE: -
Published: -
Updated: -
KEV Status: -
Technology: -
The vulnerability stems from an improper authorization configuration in the Spring Security rules. The commit diff shows that the /api/import and /api/export endpoints were originally chained after the .hasAnyRole(ROLE_MANAGER, ROLE_ADMIN) constraints of the preceding matchers, so the role actually governing them was ambiguous and manager-level accounts could reach them. The patched version explicitly adds .hasAnyRole(ROLE_ADMIN) to these endpoints, restricting them to administrators. The configureAPISecurityFilterChain method in SecurityConfiguration.java is directly responsible for defining endpoint access controls, making it the vulnerable function. The high confidence comes from the direct correlation between the patch's security rule changes and the reported vulnerability.
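The following is an added illustration of the weak-versus-corrected rule layout described above, written here against the Spring Security 6 authorizeHttpRequests DSL; it is not Microcks' own SecurityConfiguration.java and does not reproduce the real commit. The role constant values ("manager", "admin"), the "/api/services/**" pattern standing in for the manager-accessible routes, the class names, and the assumption that the export endpoint answers 200 to an admin GET are all assumptions made for the example.

```java
// Added example, not the project's code. Assumed: role constants hold the bare role
// names (hasAnyRole() prepends "ROLE_" itself) and "/api/services/**" stands in for
// the API routes that managers are legitimately allowed to use.
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
class SecurityConfigurationExample {

  private static final String ROLE_MANAGER = "manager"; // assumed value
  private static final String ROLE_ADMIN = "admin";     // assumed value

  // BEFORE (weak): import/export share the matcher used for manager-accessible routes,
  // so a principal holding only ROLE_MANAGER is authorised to export and import data.
  static void weakRules(HttpSecurity http) throws Exception {
    http.authorizeHttpRequests(auth -> auth
        .requestMatchers("/api/services/**", "/api/import", "/api/export")
            .hasAnyRole(ROLE_MANAGER, ROLE_ADMIN)
        .anyRequest().authenticated());
  }

  // AFTER (corrected): import/export get their own, stricter rule.
  // Rules are evaluated in declaration order and the first matching rule wins, so the
  // admin-only matcher must be declared before any broader pattern (e.g. "/api/**");
  // placed after such a pattern it would never be consulted.
  @Bean
  SecurityFilterChain apiSecurityFilterChain(HttpSecurity http) throws Exception {
    http.authorizeHttpRequests(auth -> auth
        .requestMatchers("/api/import", "/api/export").hasAnyRole(ROLE_ADMIN)
        .requestMatchers("/api/services/**").hasAnyRole(ROLE_MANAGER, ROLE_ADMIN)
        .anyRequest().authenticated());
    return http.build();
  }
}

// Regression check for the fix (would live in its own test source file; needs
// spring-boot-starter-test and spring-security-test on the test classpath).
// A manager-only user must be refused on the export endpoint; an admin must get through.
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.security.test.context.support.WithMockUser;
import org.springframework.test.web.servlet.MockMvc;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

@SpringBootTest
@AutoConfigureMockMvc
class ExportAuthorizationTest {

  @Autowired MockMvc mvc;

  @Test
  @WithMockUser(roles = "manager") // @WithMockUser adds the ROLE_ prefix for us
  void managerCannotExport() throws Exception {
    mvc.perform(get("/api/export")).andExpect(status().isForbidden());
  }

  @Test
  @WithMockUser(roles = "admin")
  void adminCanExport() throws Exception {
    // Assumes the export handler responds 200 to an authorised GET; adjust to the real handler.
    mvc.perform(get("/api/export")).andExpect(status().isOk());
  }
}
```

The test is the part worth keeping around: an authorization regression of this kind is invisible to functional tests that run as an admin, so a negative test that authenticates as the lower-privileged role and expects 403 is what catches the rule set drifting back.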
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| io.github.microcks:microcks-app | maven | < 1.10.0 | 1.10.0 |