RHSA-2023%3A5148
A flaw was found in Spring Boot. This targets specifically 'spring-boot-actuator-autoconfigure' package. This issue occurs when an application is deployed to Cloud Foundry, which could be susceptible to a security bypass. Specifically, an application is vulnerable when all of the following are true: * You have code that can handle requests that match /cloudfoundryapplication/**. Typically, this will be if there is a catch-all request mapping which matches /**. * The application is deployed to Cloud Foundry. An application is not vulnerable if any of the following is true: * The application is not deployed to Cloud Foundry * You have disabled Cloud Foundry actuator endpoints with management.cloudfoundry.enabled set to false. * Your application does not have handler mappings that can handle requests to /cloudfoundryapplication/**.
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | RHINT Camel-Springboot 3.20.2 |
Timeline
- Sep 13, 2023 CVE Published
- Apr 30, 2026 CVE Updated
- May 1, 2026 Distribution Patch
- May 1, 2026 Distribution Patch
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2023:5148 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version=2023-Q3 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2215445 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2231491 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5148.json advisory
- https://access.redhat.com/security/cve/CVE-2023-20873 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-20873 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-20873 advisory
- https://github.com/advisories/GHSA-g5h3-w546-pj7f advisory
- https://spring.io/security/cve-2023-20873/ advisory
- https://access.redhat.com/security/cve/CVE-2023-34455 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-34455 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-34455 advisory