| |
Vulnerability CVE-2024-22258
Published: 2024-03-20
| Description: |
Spring Authorization Server versions 1.0.0 - 1.0.5, 1.1.0 - 1.1.5, 1.2.0 - 1.2.2 and older unsupported versions are susceptible to a PKCE Downgrade Attack for Confidential Clients.
Specifically, an application is vulnerable when a Confidential Client uses PKCE for the Authorization Code Grant.
An application is not vulnerable when a Public Client uses PKCE for the Authorization Code Grant.
|
References: |
https://spring.io/security/cve-2024-22258
|
|
|
closedb();
?>
Copyright 2026, cxsecurity.com
|
|
|