In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates.
References
Link | Resource |
---|---|
https://tanzu.vmware.com/security/cve-2022-22946 | Vendor Advisory |
https://www.oracle.com/security-alerts/cpujul2022.html | Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: vmware
Published: 2022-03-04T15:50:06
Updated: 2022-07-25T16:46:27
Reserved: 2022-01-10T00:00:00
Link: CVE-2022-22946
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-03-04T16:15:10.377
Modified: 2023-02-22T17:46:02.053
Link: CVE-2022-22946
JSON object: View
Redhat Information
No data.
CWE