All the vulnerabilites related to Spring - Spring
cve-2024-38821
Vulnerability from cvelistv5
Published
2024-10-28 07:06
Modified
2024-11-01 03:55
Severity ?
EPSS score ?
Summary
Authorization Bypass of Static Resources in WebFlux Applications
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:spring:webflux:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "webflux",
"vendor": "spring",
"versions": [
{
"lessThan": "5.7.13",
"status": "affected",
"version": "5.7.x",
"versionType": "custom"
},
{
"lessThan": "5.8.15",
"status": "affected",
"version": "5.8x",
"versionType": "custom"
},
{
"lessThan": "6.0.13",
"status": "affected",
"version": "6.0x",
"versionType": "custom"
},
{
"lessThan": "6.1.11",
"status": "affected",
"version": "6.1x",
"versionType": "custom"
},
{
"lessThan": "6.2.7",
"status": "affected",
"version": "6.2x",
"versionType": "custom"
},
{
"lessThan": "6.3.4",
"status": "affected",
"version": "6.3x",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38821",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-31T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-01T03:55:20.442Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": "Spring Security",
"product": "Spring",
"vendor": "Spring",
"versions": [
{
"lessThan": "5.7.13",
"status": "affected",
"version": "5.7.x",
"versionType": "Enterprise Support Only"
},
{
"lessThan": "5.8.15",
"status": "affected",
"version": "5.8.x",
"versionType": "Enterprise Support Only"
},
{
"lessThan": "6.0.13",
"status": "affected",
"version": "6.0.x",
"versionType": "Enterprise Support Only"
},
{
"lessThan": "6.1.11",
"status": "affected",
"version": "6.1.x",
"versionType": "Enterprise Support Only"
},
{
"lessThan": "6.2.7",
"status": "affected",
"version": "6.2.x",
"versionType": "OSS"
},
{
"lessThan": "6.3.4",
"status": "affected",
"version": "6.3.x",
"versionType": "OSS"
}
]
}
],
"datePublic": "2024-10-22T05:34:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSpring WebFlux applications that have Spring Security authorization rules on static resources can be bypassed under certain circumstances.\u003c/p\u003e\u003cp\u003eFor this to impact an application, all of the following must be true:\u003c/p\u003e\u003cul\u003e\u003cli\u003eIt must be a WebFlux application\u003c/li\u003e\u003cli\u003eIt must be using Spring\u0027s static resources support\u003c/li\u003e\u003cli\u003eIt must have a non-permitAll authorization rule applied to the static resources support\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
}
],
"value": "Spring WebFlux applications that have Spring Security authorization rules on static resources can be bypassed under certain circumstances.\n\nFor this to impact an application, all of the following must be true:\n\n * It must be a WebFlux application\n * It must be using Spring\u0027s static resources support\n * It must have a non-permitAll authorization rule applied to the static resources support"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T07:06:13.404Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://spring.io/security/cve-2024-38821"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authorization Bypass of Static Resources in WebFlux Applications",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2024-38821",
"datePublished": "2024-10-28T07:06:13.404Z",
"dateReserved": "2024-06-19T22:32:06.583Z",
"dateUpdated": "2024-11-01T03:55:20.442Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-22258
Vulnerability from cvelistv5
Published
2024-03-20 03:58
Modified
2024-08-02 19:20
Severity ?
EPSS score ?
Summary
CVE-2024-22258: PKCE Downgrade in Spring Authorization Server
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:43:33.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://spring.io/security/cve-2024-22258"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22258",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-02T19:20:26.714356Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-02T19:20:35.350Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": "Spring Authorization Server",
"product": "Spring",
"vendor": "Spring",
"versions": [
{
"lessThan": "1.0.6",
"status": "affected",
"version": "1.0.x",
"versionType": "enterprise support only"
},
{
"lessThan": "1.1.6",
"status": "affected",
"version": "1.1.x",
"versionType": "oss"
},
{
"lessThan": "1.2.3",
"status": "affected",
"version": "1.2.x\t",
"versionType": "oss"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSpring Authorization Server versions 1.0.0 - 1.0.5, 1.1.0 - 1.1.5, 1.2.0 - 1.2.2 and older unsupported versions are susceptible to a PKCE Downgrade Attack for Confidential Clients.\u003c/p\u003e\u003cp\u003eSpecifically, an application is vulnerable when a \u003cstrong\u003eConfidential Client\u003c/strong\u003e\u0026nbsp;uses PKCE for the Authorization Code Grant.\u003c/p\u003e\u003cp\u003eAn application is not vulnerable when a \u003cstrong\u003ePublic Client\u003c/strong\u003e\u0026nbsp;uses PKCE for the Authorization Code Grant.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "Spring Authorization Server versions 1.0.0 - 1.0.5, 1.1.0 - 1.1.5, 1.2.0 - 1.2.2 and older unsupported versions are susceptible to a PKCE Downgrade Attack for Confidential Clients.\n\nSpecifically, an application is vulnerable when a Confidential Client\u00a0uses PKCE for the Authorization Code Grant.\n\nAn application is not vulnerable when a Public Client\u00a0uses PKCE for the Authorization Code Grant.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-20T03:58:15.047Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://spring.io/security/cve-2024-22258"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2024-22258: PKCE Downgrade in Spring Authorization Server",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2024-22258",
"datePublished": "2024-03-20T03:58:13.125Z",
"dateReserved": "2024-01-08T18:43:15.943Z",
"dateUpdated": "2024-08-02T19:20:35.350Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-38816
Vulnerability from cvelistv5
Published
2024-09-13 06:10
Modified
2024-09-13 13:45
Severity ?
EPSS score ?
Summary
CVE-2024-38816: Path traversal vulnerability in functional web frameworks
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:spring_by_vmware_tanzu:spring_framework:5.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "spring_framework",
"vendor": "spring_by_vmware_tanzu",
"versions": [
{
"lessThan": "5.3.40",
"status": "affected",
"version": "5.3.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:spring_by_vmware_tanzu:spring_framework:6.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "spring_framework",
"vendor": "spring_by_vmware_tanzu",
"versions": [
{
"lessThan": "6.0.24",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:spring_by_vmware_tanzu:spring_framework:6.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "spring_framework",
"vendor": "spring_by_vmware_tanzu",
"versions": [
{
"lessThan": "6.1.13",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38816",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-13T13:40:55.861149Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T13:45:05.327Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": "Spring Framework",
"product": "Spring",
"vendor": "Spring",
"versions": [
{
"lessThan": "5.3.40",
"status": "affected",
"version": "5.3.x",
"versionType": "enterprise Support Only"
},
{
"lessThan": "6.0.24",
"status": "affected",
"version": "6.0.x",
"versionType": "enterprise Support Only"
},
{
"lessThan": "6.1.13",
"status": "affected",
"version": "6.1.x",
"versionType": "OSS"
}
]
}
],
"datePublic": "2024-09-12T05:20:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eApplications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running.\u003c/p\u003e\u003cp\u003eSpecifically, an application is vulnerable when both of the following are true:\u003c/p\u003e\u003cul\u003e\u003cli\u003ethe web application uses \u003ccode\u003eRouterFunctions\u003c/code\u003e\u0026nbsp;to serve static resources\u003c/li\u003e\u003cli\u003eresource handling is explicitly configured with a \u003ccode\u003eFileSystemResource\u003c/code\u003e\u0026nbsp;location\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eHowever, malicious requests are blocked and rejected when any of the following is true:\u003c/p\u003e\u003cul\u003e\u003cli\u003ethe \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.spring.io/spring-security/reference/servlet/exploits/firewall.html\"\u003eSpring Security HTTP Firewall\u003c/a\u003e\u0026nbsp;is in use\u003c/li\u003e\u003cli\u003ethe application runs on Tomcat or Jetty\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
}
],
"value": "Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running.\n\nSpecifically, an application is vulnerable when both of the following are true:\n\n * the web application uses RouterFunctions\u00a0to serve static resources\n * resource handling is explicitly configured with a FileSystemResource\u00a0location\n\n\nHowever, malicious requests are blocked and rejected when any of the following is true:\n\n * the Spring Security HTTP Firewall https://docs.spring.io/spring-security/reference/servlet/exploits/firewall.html \u00a0is in use\n * the application runs on Tomcat or Jetty"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T06:10:06.598Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://spring.io/security/cve-2024-38816"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2024-38816: Path traversal vulnerability in functional web frameworks",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2024-38816",
"datePublished": "2024-09-13T06:10:06.598Z",
"dateReserved": "2024-06-19T22:32:06.582Z",
"dateUpdated": "2024-09-13T13:45:05.327Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}