Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Spring Cloud Gateway Improper Certificate Validation Vulnerability - CVE-2022-22946 - Vulnerability Database
Spring Cloud Gateway

Spring Cloud Gateway Improper Certificate Validation Vulnerability - CVE-2022-22946

Medium
Reference: CVE-2022-22946
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2022-22946
Title: Spring Cloud Gateway Improper Certificate Validation Vulnerability
Overview:

In spring cloud gateway versions prior to 3.1.1 applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates.