CVE-2022-46166

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-46166
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-46166.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-46166
Aliases
Related
Published
2022-12-09T21:15:14Z
Modified
2025-09-19T14:16:10.990301Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Spring Boot Admin is an open source administrative user interface for managing Spring Boot applications. All users who run Spring Boot Admin Server with Notifiers enabled (e.g. Teams-Notifier) and with write access to environment variables via the UI are affected. Users are advised to upgrade to the most recent releases of Spring Boot Admin, 2.6.10 and 2.7.8, to resolve this issue. Because both conditions must hold for a deployment to be affected, users unable to upgrade may disable any notifier or disable write access (POST requests) on the /env actuator endpoint.

References

Affected packages

Git / github.com/codecentric/spring-boot-admin

Affected ranges

Type
GIT
Repo
https://github.com/codecentric/spring-boot-admin
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

1.*

1.0.3
1.0.4
1.1.0
1.1.1
1.1.2
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.3.0
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5
1.3.6
1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
1.5.0
1.5.1
1.5.2
1.5.3
1.5.4
1.5.5
1.5.6
1.5.7

2.*

2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.1.0
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.2.0
2.2.1
2.2.2
2.2.3
2.2.4
2.3.0
2.3.1
2.4.0
2.4.1
2.4.2
2.4.3
2.5.0
2.5.1
2.5.2
2.5.3
2.5.4
2.5.5
2.6.0
2.6.1
2.6.2
2.6.3
2.6.4
2.6.5
2.6.6
2.6.7
2.6.8
2.6.9

Database specific

{
    "vanir_signatures": [
        {
            "source": "https://github.com/codecentric/spring-boot-admin/commit/c14c3ec12533f71f84de9ce3ce5ceb7991975f75",
            "signature_version": "v1",
            "id": "CVE-2022-46166-24a62a2a",
            "deprecated": false,
            "target": {
                "file": "spring-boot-admin-server/src/main/java/de/codecentric/boot/admin/server/notify/DiscordNotifier.java",
                "function": "createContent"
            },
            "digest": {
                "function_hash": "308819669522947609203791811641036381300",
                "length": 351.0
            },
            "signature_type": "Function"
        },
        {
            "source": "https://github.com/codecentric/spring-boot-admin/commit/c14c3ec12533f71f84de9ce3ce5ceb7991975f75",
            "signature_version": "v1",
            "id": "CVE-2022-46166-31c99838",
            "deprecated": false,
            "target": {
                "file": "spring-boot-admin-server/src/main/java/de/codecentric/boot/admin/server/notify/TelegramNotifier.java",
                "function": "getText"
            },
            "digest": {
                "function_hash": "308819669522947609203791811641036381300",
                "length": 351.0
            },
            "signature_type": "Function"
        },
        {
            "source": "https://github.com/codecentric/spring-boot-admin/commit/c14c3ec12533f71f84de9ce3ce5ceb7991975f75",
            "signature_version": "v1",
            "id": "CVE-2022-46166-591f6f6f",
            "deprecated": false,
            "target": {
                "file": "spring-boot-admin-server/src/main/java/de/codecentric/boot/admin/server/notify/PagerdutyNotifier.java"
            },
            "digest": {
                "line_hashes": [
                    "168029984051602924942843223065845287974",
                    "113177862416706009166097392957798407586",
                    "152357677944050967704136184002961983019",
                    "135427083141300318227874324573792209879",
                    "199266406252772102835882516243958054573",
                    "312340902303747084038756700705899195716",
                    "282573321356607274691190639372445543476",
                    "338474047336855878866407847162486990408",
                    "317386459750949948068751270329082957868",
                    "97915803070264335517110359686196899567",
                    "89466473095721953420176937629359025858",
                    "182634012755774078279366792370967333769",
                    "338661334753483300561013600404131587511",
                    "245700946003036779319893581327859737144",
                    "317092920690102744694323087269402288088",
                    "4024918317956047352457445629321231056",
                    "92733474112047520920785030301399266959",
                    "76400526046957677099784902455372361163",
                    "302845296643993992693353941106289457147",
                    "2631306045668766680951793630404666679",
                    "285863535242711461837602420437837746845",
                    "110675233897810182217457674198210374809",
                    "318448440562624572888819321212063841269",
                    "285177140246719643931461788368615970175",
                    "289851273294245121126923747107601095782",
                    "83011004374716388355607531860494283409",
                    "189092505117030748109011706430768915004",
                    "147826922990921742465330027291332954144",
                    "143806395272743268610365934377412997700",
                    "339977984634663184885889111127195197491",
                    "250899807084983329255779653147924462093",
                    "307714341932742835496865968200006324197",
                    "11159974448147798902169047805492140105",
                    "113380072659652454193105309987679187012",
                    "298282208180182117129495755254204231892",
                    "49615785164873147739172182216684979131",
                    "254473448494862831883244600313386991045",
                    "57879356766487015362144456556764805505",
                    "228766091137771025622128472755371420735"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line"
        },
        {
            "source": "https://github.com/codecentric/spring-boot-admin/commit/c14c3ec12533f71f84de9ce3ce5ceb7991975f75",
            "signature_version": "v1",
            "id": "CVE-2022-46166-68a27468",
            "deprecated": false,
            "target": {
                "file": "spring-boot-admin-server/src/main/java/de/codecentric/boot/admin/server/notify/DingTalkNotifier.java",
                "function": "getSign"
            },
            "digest": {
                "function_hash": "20383476587499844220949291579719435812",
                "length": 413.0
            },
            "signature_type": "Function"
        },
        {
            "source": "https://github.com/codecentric/spring-boot-admin/commit/c14c3ec12533f71f84de9ce3ce5ceb7991975f75",
            "signature_version": "v1",
            "id": "CVE-2022-46166-6d7ce87c",
            "deprecated": false,
            "target": {
                "file": "spring-boot-admin-server/src/main/java/de/codecentric/boot/admin/server/notify/LetsChatNotifier.java"
            },
            "digest": {
                "line_hashes": [
                    "168029984051602924942843223065845287974",
                    "60010671208771061554513417377281802334",
                    "232859185809812045158775949159649920710",
                    "40107329407501049308142564969102763372",
                    "199266406252772102835882516243958054573",
                    "312340902303747084038756700705899195716",
                    "180551139743684852225163228678418768211",
                    "241086638103750156345186658332343077459",
                    "166347799896617175040263881997693952084",
                    "317084474625992420997374688516394709103",
                    "106577642008800988361910006232228379072",
                    "232464411829972563223117885009861623635",
                    "26042325133682264338051596112864147010",
                    "132883690162309416430217459815155513774",
                    "171335579932137243275285093075149950361",
                    "241256323053989278212744477779729390915",
                    "67223076934178803764911428215239388137",
                    "67520305341368372773743871215866338027",
                    "320625563785872352236125416613821632490",
                    "38943875317364396905772935637262597167",
                    "75102234397544840958227190715073943065",
                    "83976989942341881216399224761378127290",
                    "249960760985509585908790223697539519847",
                    "96519210530292814414892515266385512372",
                    "309624623050468732902764647524006853881",
                    "178361125306050387086649380512094021490",
                    "184388341662729102274723835837555273458",
                    "72962679501125072710863724581304432650",
                    "224937930916840813948395552614108390200",
                    "264814659052983235627008431822528914975",
                    "311639074714425521097720515899301125554",
                    "184996196259682029285376509178098610207",
                    "202760779154523677716193929133665958230",
                    "6941214693644157201827955235607442804",
                    "236081881671109019299737170275733827280",
                    "12465296634239621551649435846978109972",
                    "235975810329297032696983639237752650085",
                    "157327099422261803656669037657929297014",
                    "197042098419981679955659120679178548169"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line"
        },
        {
            "source": "https://github.com/codecentric/spring-boot-admin/commit/c14c3ec12533f71f84de9ce3ce5ceb7991975f75",
            "signature_version": "v1",
            "id": "CVE-2022-46166-6f67d9b2",
            "deprecated": false,
            "target": {
                "file": "spring-boot-admin-server/src/main/java/de/codecentric/boot/admin/server/notify/OpsGenieNotifier.java"
            },
            "digest": {
                "line_hashes": [
                    "168029984051602924942843223065845287974",
                    "60010671208771061554513417377281802334",
                    "232859185809812045158775949159649920710",
                    "40107329407501049308142564969102763372",
                    "56896345093144684750464027380355067878",
                    "222509255811235397972722894358607132889",
                    "248290990790768282213514756706828841588",
                    "259457752946793241626977051193256563771",
                    "199266406252772102835882516243958054573",
                    "312340902303747084038756700705899195716",
                    "282573321356607274691190639372445543476",
                    "338474047336855878866407847162486990408",
                    "261380982846420242137693737264769725545",
                    "131660662051880251435019671836071946637",
                    "268460226379677823068676255622045100646",
                    "330707120308541113129156500965522209569",
                    "127365061763574595749902823903348454558",
                    "14280076379637866133404239624206882066",
                    "265825327415201813462531359460979442726",
                    "325707293034918858232673684031280176738",
                    "74338295491051192432101837525277577743",
                    "65613906419391338439193063280166726320",
                    "11159974448147798902169047805492140105"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line"
        },
        {
            "source": "https://github.com/codecentric/spring-boot-admin/commit/c14c3ec12533f71f84de9ce3ce5ceb7991975f75",
            "signature_version": "v1",
            "id": "CVE-2022-46166-77760d3e",
            "deprecated": false,
            "target": {
                "file": "spring-boot-admin-server/src/main/java/de/codecentric/boot/admin/server/notify/DingTalkNotifier.java"
            },
            "digest": {
                "line_hashes": [
                    "38649913103332370084548346085648175642",
                    "222670739401579687828964743819753453282",
                    "168029984051602924942843223065845287974",
                    "60010671208771061554513417377281802334",
                    "232859185809812045158775949159649920710",
                    "186075743987639514672424738396671417597",
                    "199266406252772102835882516243958054573",
                    "312340902303747084038756700705899195716",
                    "180551139743684852225163228678418768211",
                    "241086638103750156345186658332343077459",
                    "299065695222471481771477398773770894486",
                    "207642207282661170848849279894410410522",
                    "296945945704355200492091479493564117818",
                    "259346514293464912005407963121726502195",
                    "121728052303636394245891961382415991530",
                    "20832329948746763152904796256379344588"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line"
        },
        {
            "source": "https://github.com/codecentric/spring-boot-admin/commit/c14c3ec12533f71f84de9ce3ce5ceb7991975f75",
            "signature_version": "v1",
            "id": "CVE-2022-46166-7e125fb9",
            "deprecated": false,
            "target": {
                "file": "spring-boot-admin-server/src/main/java/de/codecentric/boot/admin/server/notify/DiscordNotifier.java"
            },
            "digest": {
                "line_hashes": [
                    "168029984051602924942843223065845287974",
                    "60010671208771061554513417377281802334",
                    "232859185809812045158775949159649920710",
                    "186075743987639514672424738396671417597",
                    "199266406252772102835882516243958054573",
                    "312340902303747084038756700705899195716",
                    "180551139743684852225163228678418768211",
                    "241086638103750156345186658332343077459",
                    "179545170204682727226575058907162142556"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line"
        },
        {
            "source": "https://github.com/codecentric/spring-boot-admin/commit/c14c3ec12533f71f84de9ce3ce5ceb7991975f75",
            "signature_version": "v1",
            "id": "CVE-2022-46166-82570a62",
            "deprecated": false,
            "target": {
                "file": "spring-boot-admin-server/src/main/java/de/codecentric/boot/admin/server/notify/SlackNotifier.java"
            },
            "digest": {
                "line_hashes": [
                    "168029984051602924942843223065845287974",
                    "60010671208771061554513417377281802334",
                    "232859185809812045158775949159649920710",
                    "186075743987639514672424738396671417597",
                    "199266406252772102835882516243958054573",
                    "312340902303747084038756700705899195716",
                    "180551139743684852225163228678418768211",
                    "241086638103750156345186658332343077459",
                    "96027535826397693409394933620853896941"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line"
        },
        {
            "source": "https://github.com/codecentric/spring-boot-admin/commit/c14c3ec12533f71f84de9ce3ce5ceb7991975f75",
            "signature_version": "v1",
            "id": "CVE-2022-46166-94ba367f",
            "deprecated": false,
            "target": {
                "file": "spring-boot-admin-server/src/main/java/de/codecentric/boot/admin/server/notify/LetsChatNotifier.java",
                "function": "getText"
            },
            "digest": {
                "function_hash": "308819669522947609203791811641036381300",
                "length": 351.0
            },
            "signature_type": "Function"
        },
        {
            "source": "https://github.com/codecentric/spring-boot-admin/commit/c14c3ec12533f71f84de9ce3ce5ceb7991975f75",
            "signature_version": "v1",
            "id": "CVE-2022-46166-9624efe6",
            "deprecated": false,
            "target": {
                "file": "spring-boot-admin-server/src/main/java/de/codecentric/boot/admin/server/notify/SlackNotifier.java",
                "function": "getText"
            },
            "digest": {
                "function_hash": "308819669522947609203791811641036381300",
                "length": 351.0
            },
            "signature_type": "Function"
        },
        {
            "source": "https://github.com/codecentric/spring-boot-admin/commit/c14c3ec12533f71f84de9ce3ce5ceb7991975f75",
            "signature_version": "v1",
            "id": "CVE-2022-46166-9b362454",
            "deprecated": false,
            "target": {
                "file": "spring-boot-admin-server/src/main/java/de/codecentric/boot/admin/server/notify/TelegramNotifier.java"
            },
            "digest": {
                "line_hashes": [
                    "168029984051602924942843223065845287974",
                    "113177862416706009166097392957798407586",
                    "152357677944050967704136184002961983019",
                    "135427083141300318227874324573792209879",
                    "199266406252772102835882516243958054573",
                    "312340902303747084038756700705899195716",
                    "180551139743684852225163228678418768211",
                    "241086638103750156345186658332343077459",
                    "166347799896617175040263881997693952084"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line"
        },
        {
            "source": "https://github.com/codecentric/spring-boot-admin/commit/c14c3ec12533f71f84de9ce3ce5ceb7991975f75",
            "signature_version": "v1",
            "id": "CVE-2022-46166-a6fefb6b",
            "deprecated": false,
            "target": {
                "file": "spring-boot-admin-server/src/main/java/de/codecentric/boot/admin/server/notify/OpsGenieNotifier.java",
                "function": "buildUrl"
            },
            "digest": {
                "function_hash": "117312002945553229259213700159027023074",
                "length": 295.0
            },
            "signature_type": "Function"
        },
        {
            "source": "https://github.com/codecentric/spring-boot-admin/commit/c14c3ec12533f71f84de9ce3ce5ceb7991975f75",
            "signature_version": "v1",
            "id": "CVE-2022-46166-aaa46556",
            "deprecated": false,
            "target": {
                "file": "spring-boot-admin-server/src/main/java/de/codecentric/boot/admin/server/notify/PagerdutyNotifier.java",
                "function": "getDescription"
            },
            "digest": {
                "function_hash": "265273178789241359652000680391589208240",
                "length": 355.0
            },
            "signature_type": "Function"
        },
        {
            "source": "https://github.com/codecentric/spring-boot-admin/commit/c14c3ec12533f71f84de9ce3ce5ceb7991975f75",
            "signature_version": "v1",
            "id": "CVE-2022-46166-b43145a6",
            "deprecated": false,
            "target": {
                "file": "spring-boot-admin-server/src/main/java/de/codecentric/boot/admin/server/notify/HipchatNotifier.java",
                "function": "getMessage"
            },
            "digest": {
                "function_hash": "265273178789241359652000680391589208240",
                "length": 355.0
            },
            "signature_type": "Function"
        },
        {
            "source": "https://github.com/codecentric/spring-boot-admin/commit/c14c3ec12533f71f84de9ce3ce5ceb7991975f75",
            "signature_version": "v1",
            "id": "CVE-2022-46166-c772d9fe",
            "deprecated": false,
            "target": {
                "file": "spring-boot-admin-server/src/main/java/de/codecentric/boot/admin/server/notify/HipchatNotifier.java",
                "function": "buildUrl"
            },
            "digest": {
                "function_hash": "186665334861092997689140860561572656773",
                "length": 208.0
            },
            "signature_type": "Function"
        },
        {
            "source": "https://github.com/codecentric/spring-boot-admin/commit/c14c3ec12533f71f84de9ce3ce5ceb7991975f75",
            "signature_version": "v1",
            "id": "CVE-2022-46166-d61b9d97",
            "deprecated": false,
            "target": {
                "file": "spring-boot-admin-server/src/main/java/de/codecentric/boot/admin/server/notify/MicrosoftTeamsNotifier.java",
                "function": "createEvaluationContext"
            },
            "digest": {
                "function_hash": "340189551773180711665767591810210938650",
                "length": 312.0
            },
            "signature_type": "Function"
        },
        {
            "source": "https://github.com/codecentric/spring-boot-admin/commit/c14c3ec12533f71f84de9ce3ce5ceb7991975f75",
            "signature_version": "v1",
            "id": "CVE-2022-46166-eae5d6d5",
            "deprecated": false,
            "target": {
                "file": "spring-boot-admin-server/src/main/java/de/codecentric/boot/admin/server/notify/DingTalkNotifier.java",
                "function": "getText"
            },
            "digest": {
                "function_hash": "308819669522947609203791811641036381300",
                "length": 351.0
            },
            "signature_type": "Function"
        },
        {
            "source": "https://github.com/codecentric/spring-boot-admin/commit/c14c3ec12533f71f84de9ce3ce5ceb7991975f75",
            "signature_version": "v1",
            "id": "CVE-2022-46166-f1cbfdd1",
            "deprecated": false,
            "target": {
                "file": "spring-boot-admin-server/src/main/java/de/codecentric/boot/admin/server/notify/HipchatNotifier.java"
            },
            "digest": {
                "line_hashes": [
                    "168029984051602924942843223065845287974",
                    "60010671208771061554513417377281802334",
                    "232859185809812045158775949159649920710",
                    "186075743987639514672424738396671417597",
                    "263541499444713296614583447077782725462",
                    "311712836664834465717721327370119545757",
                    "257511378455686760848952651905946112660",
                    "90218647444775809916964176546107968342",
                    "199266406252772102835882516243958054573",
                    "312340902303747084038756700705899195716",
                    "282573321356607274691190639372445543476",
                    "338474047336855878866407847162486990408",
                    "232486889654218813907236739187821581745",
                    "80333860806805572337214932930324846940",
                    "140721968073776108559043272183639301399",
                    "232464411829972563223117885009861623635",
                    "26042325133682264338051596112864147010",
                    "132883690162309416430217459815155513774",
                    "171335579932137243275285093075149950361",
                    "241256323053989278212744477779729390915",
                    "102040264993619121373750370443951335256",
                    "301577240470658566362877566057124753281",
                    "22133504044128115062893906554732418648",
                    "171460583409673933527365130821220252360",
                    "101497807016343322615135967409405572258",
                    "298633217085417895773126392459371751252",
                    "256585184637218265156352227112257778167",
                    "62778676412959844806871106062758551463",
                    "179718265501761920393486593618199613996",
                    "274876661464998086921099649827273069561",
                    "280506993026484095494645805483769796383",
                    "199103157211312690436394013280734709663",
                    "253248905787450387041167178024925360152",
                    "19277107333477438236891026546449065191",
                    "19424663816841617329310575112826091299",
                    "139795206016344241352012902553670449646",
                    "61413137810448156148072334354081689554",
                    "237987438781254323146604771433427353692",
                    "11159974448147798902169047805492140105",
                    "113380072659652454193105309987679187012",
                    "298282208180182117129495755254204231892",
                    "49615785164873147739172182216684979131",
                    "254473448494862831883244600313386991045",
                    "57879356766487015362144456556764805505",
                    "228766091137771025622128472755371420735"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line"
        },
        {
            "source": "https://github.com/codecentric/spring-boot-admin/commit/c14c3ec12533f71f84de9ce3ce5ceb7991975f75",
            "signature_version": "v1",
            "id": "CVE-2022-46166-f493961f",
            "deprecated": false,
            "target": {
                "file": "spring-boot-admin-server/src/main/java/de/codecentric/boot/admin/server/notify/OpsGenieNotifier.java",
                "function": "getMessage"
            },
            "digest": {
                "function_hash": "265273178789241359652000680391589208240",
                "length": 355.0
            },
            "signature_type": "Function"
        },
        {
            "source": "https://github.com/codecentric/spring-boot-admin/commit/c14c3ec12533f71f84de9ce3ce5ceb7991975f75",
            "signature_version": "v1",
            "id": "CVE-2022-46166-ff40478a",
            "deprecated": false,
            "target": {
                "file": "spring-boot-admin-server/src/main/java/de/codecentric/boot/admin/server/notify/MicrosoftTeamsNotifier.java"
            },
            "digest": {
                "line_hashes": [
                    "235562518287803370592947255977632271511",
                    "321322853221665511759251965049421221927",
                    "83765979343852704064711559461065128355",
                    "197944716560128699905929720705874596040",
                    "168029984051602924942843223065845287974",
                    "60010671208771061554513417377281802334",
                    "232859185809812045158775949159649920710",
                    "186075743987639514672424738396671417597",
                    "44749826090222867738241685738872012652",
                    "276273699712860165234360654874160559044",
                    "80847958411017572616585210224793884777",
                    "78886786026596931296798499851949114461",
                    "121021008434033902129756575018912131966",
                    "43857536439786415644441483770332804139",
                    "331432849216236590537531310851133330300",
                    "128593712793741697189753194513015904223",
                    "12897505721054826945533703325653960168",
                    "321036012911342935629647554595359304313",
                    "106103760981747772970736759356156181645",
                    "7706586760212741540960285826443965064",
                    "294958052474881199620993936073021883915",
                    "52102862042072997883066234100935451003",
                    "278150981712566399540490805468554864183",
                    "32155703880082579903550990684866779914",
                    "284974782204408827192030681740996485381",
                    "5312966681335712975209648409705019602",
                    "292691067500503545461135860091597904309",
                    "48438451863070164626804831858932462673",
                    "198847547228801470366623418049390877151",
                    "215768186994171874767677667564357718000",
                    "301856967102632027262089439020570481518",
                    "100014440523788656457771501985536096796",
                    "143855981072858638742649497297346318275",
                    "304957312594902254402289931399527963864",
                    "338849199397556094847416328281985800135",
                    "317564239916859409192601520273827252778",
                    "338643897419915378293146123011042004316",
                    "199266406252772102835882516243958054573",
                    "312340902303747084038756700705899195716",
                    "224611784647327860064545308910946648673",
                    "99362035129660395056474764849709039223",
                    "77243543439991348249478732965513036048",
                    "246259111522679820922680836824843907980"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line"
        }
    ]
}