CVE-2023-34035: Improper Authorization

Kondah Mouad
3 min read · Jul 30, 2023

In this post, I will share how I discovered CVE-2023-34035, a CVE misconfiguration in the famous Spring Security project.

If you use Spring Boot to build and deploy your JVM applications, you have probably already encountered Spring Security, so the following snippet may ring a bell:

@EnableWebSecurity
@EnableMethodSecurity
@Configuration
class…
