cbcvebase.
CVE-2022-46166
published 2022-12-09

CVE-2022-46166: Spring boot admins is an open source administrative user interface for management of spring boot applications. All users who run Spring Boot Admin Server…

PriorityP260critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.44%
69.8th percentile
Spring boot admins is an open source administrative user interface for management of spring boot applications. All users who run Spring Boot Admin Server, having enabled Notifiers (e.g. Teams-Notifier) and write access to environment variables via UI are affected. Users are advised to upgrade to the most recent releases of Spring Boot Admin 2.6.10 and 2.7.8 to resolve this issue. Users unable to upgrade may disable any notifier or disable write access (POST request) on `/env` actuator endpoint.

Affected

4 ranges
VendorProductVersion rangeFixed in
codecentricspring-boot-admin< 2.6.102.6.10
codecentricspring_boot_admin< 2.6.102.6.10
codecentricspring_boot_admin
codecentricspring_boot_admin>= 2.7.0 < 2.7.82.7.8
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.