Description

In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates.

Remediation

References

CVE-2022-22946

Related Vulnerabilities

WordPress Plugin PureHTML 'alter.php' SQL Injection (1.0.0)

b2evolution Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2016-8901)

phpBB CVE-2010-1630 Vulnerability (CVE-2010-1630)

WordPress Plugin cformsII Multiple Cross-Site Scripting Vulnerabilities (14.13.2)

Joomla CVE-2012-0819 Vulnerability (CVE-2012-0819)

Severity

Medium

Classification

CVE-2022-22946 CWE-295 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities