Exploring the Spring Security authorization bypass (CVE-2022-31692)
A new authorization bypass vulnerability (CVE-2022-31692) has been discovered in Spring Security 5. It affects a specific set of use cases and allows non-admin users to reach admin pages without proper authorization. To mitigate the issue, upgrade to a fixed version of Spring Security (5.6.9 or later). If upgrading is not possible, changing the filter definition can also help. Keeping dependencies up to date is crucial for maintaining application security.
Company
Snyk
Date published
Dec. 16, 2022
Author(s)
Brian Vermeer
Word count
1121
Language
English
Hacker News points
None found.