CVE-2022-22946

State: PUBLISHED · Published: 2022-03-04 · Updated: 2024-08-03 · Assigner: vmware

Description

In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates.

CWE

(none)

Affected

n/a / Spring Cloud Gateway — v=Spring cloud gateway versions 3.1.x prior to 3.1.1+ [affected]

CVSS

(none)

References

https://tanzu.vmware.com/security/cve-2022-22946 x_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2022.html x_refsource_MISC

Source

cvelistV5-main/cves/2022/22xxx/CVE-2022-22946.json