Vulnerabilities related to Spring - Spring Security
cve-2019-11272
Vulnerability from cvelistv5
Published
2019-06-26 14:06
Modified
2024-09-16 19:25
Summary
Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null encoded password, a malicious user (or attacker) can authenticate using a password of "null".
References
Impacted products
Vendor Product Version
Spring Spring Security Version: 4.2   < 4.2.13.RELEASE


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T22:48:09.049Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://pivotal.io/security/cve-2019-11272",
               },
               {
                  name: "[debian-lts-announce] 20190709 [SECURITY] [DLA 1848-1] libspring-security-2.0-java security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00008.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Spring Security",
               vendor: "Spring",
               versions: [
                  {
                     lessThan: "4.2.13.RELEASE",
                     status: "affected",
                     version: "4.2",
                     versionType: "custom",
                  },
               ],
            },
         ],
         datePublic: "2019-06-20T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null encoded password, a malicious user (or attacker) can authenticate using a password of \"null\".",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-287",
                     description: "CWE-287: Improper Authentication - Generic",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-07-09T08:06:02",
            orgId: "862b2186-222f-48b9-af87-f1fb7bb26d03",
            shortName: "pivotal",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://pivotal.io/security/cve-2019-11272",
            },
            {
               name: "[debian-lts-announce] 20190709 [SECURITY] [DLA 1848-1] libspring-security-2.0-java security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00008.html",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "PlaintextPasswordEncoder authenticates encoded passwords that are null",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@pivotal.io",
               DATE_PUBLIC: "2019-06-20T20:19:44.000Z",
               ID: "CVE-2019-11272",
               STATE: "PUBLIC",
               TITLE: "PlaintextPasswordEncoder authenticates encoded passwords that are null",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Spring Security",
                                 version: {
                                    version_data: [
                                       {
                                          affected: "<",
                                          version_affected: "<",
                                          version_name: "4.2",
                                          version_value: "4.2.13.RELEASE",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Spring",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null encoded password, a malicious user (or attacker) can authenticate using a password of \"null\".",
                  },
               ],
            },
            impact: null,
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-287: Improper Authentication - Generic",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://pivotal.io/security/cve-2019-11272",
                     refsource: "CONFIRM",
                     url: "https://pivotal.io/security/cve-2019-11272",
                  },
                  {
                     name: "[debian-lts-announce] 20190709 [SECURITY] [DLA 1848-1] libspring-security-2.0-java security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00008.html",
                  },
               ],
            },
            source: {
               discovery: "UNKNOWN",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "862b2186-222f-48b9-af87-f1fb7bb26d03",
      assignerShortName: "pivotal",
      cveId: "CVE-2019-11272",
      datePublished: "2019-06-26T14:06:15.312137Z",
      dateReserved: "2019-04-18T00:00:00",
      dateUpdated: "2024-09-16T19:25:59.208Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2025-22228
Vulnerability from cvelistv5
Published
2025-03-20 05:49
Modified
2025-03-21 16:09
Summary
BCryptPasswordEncoder.matches(CharSequence,String) will incorrectly return true for passwords larger than 72 characters as long as the first 72 characters are the same.
Impacted products
Vendor Product Version
Spring Spring Security Version: 5.7.x
Version: 5.8.x
Version: 6.0.x
Version: 6.1.x
Version: 6.2.x
Version: 6.3.x
Version: 6.4.x


{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2025-22228",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-03-21T03:55:17.357088Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-287",
                        description: "CWE-287 Improper Authentication",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-03-21T16:09:31.664Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "affected",
               packageName: "Spring Security",
               product: "Spring Security",
               vendor: "Spring",
               versions: [
                  {
                     lessThan: "5.7.16",
                     status: "affected",
                     version: "5.7.x",
                     versionType: "Enterprise Support Only",
                  },
                  {
                     lessThan: "5.8.18",
                     status: "affected",
                     version: "5.8.x",
                     versionType: "Enterprise Support Only",
                  },
                  {
                     lessThan: "6.0.16",
                     status: "affected",
                     version: "6.0.x",
                     versionType: "Enterprise Support Only",
                  },
                  {
                     lessThan: "6.1.14",
                     status: "affected",
                     version: "6.1.x",
                     versionType: "Enterprise Support Only",
                  },
                  {
                     lessThan: "6.2.10",
                     status: "affected",
                     version: "6.2.x",
                     versionType: "Enterprise Support Only",
                  },
                  {
                     lessThan: "6.3.8",
                     status: "affected",
                     version: "6.3.x",
                     versionType: "OSS",
                  },
                  {
                     lessThan: "6.4.4",
                     status: "affected",
                     version: "6.4.x",
                     versionType: "OSS",
                  },
               ],
            },
         ],
         datePublic: "2025-03-19T08:44:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<code>BCryptPasswordEncoder.matches(CharSequence,String)</code><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;will incorrectly return </span><code>true</code><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;for passwords larger than 72 characters as long as the first 72 characters are the same.</span><br>",
                  },
               ],
               value: "BCryptPasswordEncoder.matches(CharSequence,String) will incorrectly return true for passwords larger than 72 characters as long as the first 72 characters are the same.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 7.4,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2025-03-20T05:49:19.275Z",
            orgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            shortName: "vmware",
         },
         references: [
            {
               url: "https://spring.io/security/cve-2025-22228",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "CVE-2025-22228: Spring Security BCryptPasswordEncoder does not enforce maximum password length",
         x_generator: {
            engine: "Vulnogram 0.2.0",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d",
      assignerShortName: "vmware",
      cveId: "CVE-2025-22228",
      datePublished: "2025-03-20T05:49:19.275Z",
      dateReserved: "2025-01-02T04:29:59.191Z",
      dateUpdated: "2025-03-21T16:09:31.664Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-3795
Vulnerability from cvelistv5
Published
2019-04-09 15:29
Modified
2024-09-17 00:02
Summary
Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make the resulting random material available to an attacker for inspection. Note that the structured version data in this record (below) lists the affected ranges as < 4.2.11.RELEASE, < 5.0.11.RELEASE and < 5.1.4.RELEASE, which does not match the versions named in this summary; consult the vendor advisory linked in the references before deciding whether a given release is fixed.
References
Impacted products
Vendor Product Version
Spring Spring Security Version: 5.0   < 5.0.11.RELEASE
Version: 5.1   < 5.1.4.RELEASE
Version: 4.2   < 4.2.11.RELEASE


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T19:19:18.467Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://pivotal.io/security/cve-2019-3795",
               },
               {
                  name: "107802",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/107802",
               },
               {
                  name: "[debian-lts-announce] 20190520 [SECURITY] [DLA 1794-1] libspring-security-2.0-java security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00026.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Spring Security",
               vendor: "Spring",
               versions: [
                  {
                     lessThan: "5.0.11.RELEASE",
                     status: "affected",
                     version: "5.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "5.1.4.RELEASE",
                     status: "affected",
                     version: "5.1",
                     versionType: "custom",
                  },
                  {
                     lessThan: "4.2.11.RELEASE",
                     status: "affected",
                     version: "4.2",
                     versionType: "custom",
                  },
               ],
            },
         ],
         datePublic: "2019-04-04T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make the resulting random material available to an attacker for inspection.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "HIGH",
                  attackVector: "PHYSICAL",
                  availabilityImpact: "NONE",
                  baseScore: 3.8,
                  baseSeverity: "LOW",
                  confidentialityImpact: "NONE",
                  integrityImpact: "HIGH",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-330",
                     description: "CWE-330: Use of Insufficiently Random Values",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-05-20T05:06:01",
            orgId: "c550e75a-17ff-4988-97f0-544cde3820fe",
            shortName: "dell",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://pivotal.io/security/cve-2019-3795",
            },
            {
               name: "107802",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/107802",
            },
            {
               name: "[debian-lts-announce] 20190520 [SECURITY] [DLA 1794-1] libspring-security-2.0-java security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00026.html",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "Insecure Randomness When Using a SecureRandom Instance Constructed by Spring Security",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security_alert@emc.com",
               DATE_PUBLIC: "2019-04-04T18:01:40.000Z",
               ID: "CVE-2019-3795",
               STATE: "PUBLIC",
               TITLE: "Insecure Randomness When Using a SecureRandom Instance Constructed by Spring Security",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Spring Security",
                                 version: {
                                    version_data: [
                                       {
                                          affected: "<",
                                          version_affected: "<",
                                          version_name: "5.0",
                                          version_value: "5.0.11.RELEASE",
                                       },
                                       {
                                          affected: "<",
                                          version_affected: "<",
                                          version_name: "5.1",
                                          version_value: "5.1.4.RELEASE",
                                       },
                                       {
                                          affected: "<",
                                          version_affected: "<",
                                          version_name: "4.2",
                                          version_value: "4.2.11.RELEASE",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Spring",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make the resulting random material available to an attacker for inspection.",
                  },
               ],
            },
            impact: {
               cvss: {
                  attackComplexity: "HIGH",
                  attackVector: "PHYSICAL",
                  availabilityImpact: "NONE",
                  baseScore: 3.8,
                  baseSeverity: "LOW",
                  confidentialityImpact: "NONE",
                  integrityImpact: "HIGH",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-330: Use of Insufficiently Random Values",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://pivotal.io/security/cve-2019-3795",
                     refsource: "CONFIRM",
                     url: "https://pivotal.io/security/cve-2019-3795",
                  },
                  {
                     name: "107802",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/107802",
                  },
                  {
                     name: "[debian-lts-announce] 20190520 [SECURITY] [DLA 1794-1] libspring-security-2.0-java security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00026.html",
                  },
               ],
            },
            source: {
               discovery: "UNKNOWN",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe",
      assignerShortName: "dell",
      cveId: "CVE-2019-3795",
      datePublished: "2019-04-09T15:29:02.127885Z",
      dateReserved: "2019-01-03T00:00:00",
      dateUpdated: "2024-09-17T00:02:03.823Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2025-22223
Vulnerability from cvelistv5
Published
2025-03-24 17:42
Modified
2025-03-24 18:06
Summary
Spring Security 6.4.0 - 6.4.3 may not correctly locate method security annotations on parameterized types or methods. This may cause an authorization bypass. You are not affected if you are not using @EnableMethodSecurity, or you do not have method security annotations on parameterized types or methods, or all method security annotations are attached to target methods.
Impacted products
Vendor Product Version
Spring Spring Security Version: 6.4.0-6.4.3


{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2025-22223",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-03-24T18:04:57.845346Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-03-24T18:06:24.575Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Spring Security",
               vendor: "Spring",
               versions: [
                  {
                     status: "affected",
                     version: "6.4.0-6.4.3",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<span style=\"background-color: rgb(255, 255, 255);\">Spring Security 6.4.0 - 6.4.3 may not correctly locate method security annotations on parameterized types or methods. This may cause an authorization bypass.&nbsp;\n\n<span style=\"background-color: rgb(255, 255, 255);\">You are not affected if you are not using @EnableMethodSecurity, or<br>you do not have method security annotations on parameterized types or methods, or all method security annotations are attached to target methods</span></span>",
                  },
               ],
               value: "Spring Security 6.4.0 - 6.4.3 may not correctly locate method security annotations on parameterized types or methods. This may cause an authorization bypass. \n\nYou are not affected if you are not using @EnableMethodSecurity, or\nyou do not have method security annotations on parameterized types or methods, or all method security annotations are attached to target methods",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-290",
                     description: "CWE-290 Authentication Bypass by Spoofing",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2025-03-24T17:42:49.634Z",
            orgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            shortName: "vmware",
         },
         references: [
            {
               url: "https://spring.io/security/cve-2025-22223",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         x_generator: {
            engine: "Vulnogram 0.2.0",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d",
      assignerShortName: "vmware",
      cveId: "CVE-2025-22223",
      datePublished: "2025-03-24T17:42:49.634Z",
      dateReserved: "2025-01-02T04:29:30.445Z",
      dateUpdated: "2025-03-24T18:06:24.575Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2024-22234
Vulnerability from cvelistv5
Published
2024-02-20 07:02
Modified
2025-02-13 17:33
Summary
In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticated(Authentication) method. Specifically, an application is vulnerable if: * The application uses AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly and a null authentication parameter is passed to it, resulting in an erroneous true return value. An application is not vulnerable if any of the following is true: * The application does not use AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly. * The application does not pass null to AuthenticationTrustResolver.isFullyAuthenticated. * The application only uses isFullyAuthenticated via Method Security (https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html) or HTTP Request Security (https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html).
Impacted products
Vendor Product Version
Spring Spring Security Version: 6.1.x
Version: 6.2.x


{
   containers: {
      adp: [
         {
            affected: [
               {
                  cpes: [
                     "cpe:2.3:a:vmware:spring_security:6.1.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unaffected",
                  product: "spring_security",
                  vendor: "vmware",
                  versions: [
                     {
                        lessThan: "6.1.7",
                        status: "affected",
                        version: "6.1.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:vmware:spring_security:6.2.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unaffected",
                  product: "spring_security",
                  vendor: "vmware",
                  versions: [
                     {
                        lessThan: "6.2.2",
                        status: "affected",
                        version: "6.2.0",
                        versionType: "custom",
                     },
                  ],
               },
            ],
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-22234",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-02-21T19:46:52.509563Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-284",
                        description: "CWE-284 Improper Access Control",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-07-26T17:21:05.285Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2024-08-01T22:43:33.656Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://spring.io/security/cve-2024-22234",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20240315-0003/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Spring Security",
               vendor: "Spring",
               versions: [
                  {
                     lessThan: "6.1.7",
                     status: "affected",
                     version: "6.1.x",
                     versionType: "6.1.7",
                  },
                  {
                     lessThan: "6.2.2",
                     status: "affected",
                     version: "6.2.x",
                     versionType: "6.2.2",
                  },
               ],
            },
         ],
         datePublic: "2024-02-19T08:59:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<p>In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the <code>AuthenticationTrustResolver.isFullyAuthenticated(Authentication)</code>&nbsp;method.</p><p>Specifically, an application is vulnerable if:</p><ul><li>The application uses <code>AuthenticationTrustResolver.isFullyAuthenticated(Authentication)</code>&nbsp;directly and a <code>null</code>&nbsp;authentication parameter is passed to it resulting in an erroneous <code>true</code>&nbsp;return value.</li></ul><p>An application is not vulnerable if any of the following is true:</p><ul><li>The application does not use <code>AuthenticationTrustResolver.isFullyAuthenticated(Authentication)</code>&nbsp;directly.</li><li>The application does not pass <code>null</code>&nbsp;to <code>AuthenticationTrustResolver.isFullyAuthenticated</code></li><li>The application only uses <code>isFullyAuthenticated</code>&nbsp;via <a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html\">Method Security</a>&nbsp;or <a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html\">HTTP Request Security</a></li></ul><br>",
                  },
               ],
               value: "In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticated(Authentication) method.\n\nSpecifically, an application is vulnerable if:\n\n  *  The application uses AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly and a null authentication parameter is passed to it resulting in an erroneous true return value.\n\n\nAn application is not vulnerable if any of the following is true:\n\n  *  The application does not use AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly.\n  *  The application does not pass null to AuthenticationTrustResolver.isFullyAuthenticated\n  *  The application only uses isFullyAuthenticated via  Method Security https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html  or  HTTP Request Security https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 7.4,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-03-15T11:06:18.496Z",
            orgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            shortName: "vmware",
         },
         references: [
            {
               url: "https://spring.io/security/cve-2024-22234",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20240315-0003/",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "CVE-2024-22234: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d",
      assignerShortName: "vmware",
      cveId: "CVE-2024-22234",
      datePublished: "2024-02-20T07:02:50.873Z",
      dateReserved: "2024-01-08T16:40:16.141Z",
      dateUpdated: "2025-02-13T17:33:37.468Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2024-38810
Vulnerability from cvelistv5
Published
2024-08-20 03:35
Modified
2024-08-20 13:34
Summary
Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows an attacker to render security annotations ineffective.
Impacted products
Vendor Product Version
spring spring security Version: 6.3.x   < 6.3.2


{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-38810",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-08-20T13:34:39.309830Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-08-20T13:34:50.068Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "spring security",
               vendor: "spring",
               versions: [
                  {
                     lessThan: "6.3.2",
                     status: "affected",
                     version: "6.3.x",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<h1>Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows attacker to render security annotations inaffective.<br></h1><br>",
                  },
               ],
               value: "Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows attacker to render security annotations inaffective.",
            },
         ],
         impacts: [
            {
               capecId: "CAPEC-233",
               descriptions: [
                  {
                     lang: "en",
                     value: "CAPEC-233 Privilege Escalation",
                  },
               ],
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-287",
                     description: "CWE-287 Improper Authentication",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-08-20T03:35:24.795Z",
            orgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            shortName: "vmware",
         },
         references: [
            {
               url: "https://spring.io/security/cve-2024-38810",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "Missing Authorization When Using @AuthorizeReturnObject",
         x_generator: {
            engine: "Vulnogram 0.2.0",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d",
      assignerShortName: "vmware",
      cveId: "CVE-2024-38810",
      datePublished: "2024-08-20T03:35:24.795Z",
      dateReserved: "2024-06-19T22:31:57.187Z",
      dateUpdated: "2024-08-20T13:34:50.068Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}