Search criteria
66 vulnerabilities found for spring_security by vmware
FKIE_CVE-2024-38810
Vulnerability from fkie_nvd - Published: 2024-08-20 04:15 - Updated: 2025-02-28 22:44
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows attacker to render security annotations inaffective.
References
| URL | Tags | ||
|---|---|---|---|
| security@vmware.com | https://spring.io/security/cve-2024-38810 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | spring_security | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5679320B-C018-403C-8A45-0FB951B767D6",
"versionEndExcluding": "6.3.2",
"versionStartIncluding": "6.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows attacker to render security annotations inaffective."
},
{
"lang": "es",
"value": "La falta de autorizaci\u00f3n al usar @AuthorizeReturnObject en Spring Security 6.3.0 y 6.3.1 permite al atacante hacer que las anotaciones de seguridad sean inefectivas."
}
],
"id": "CVE-2024-38810",
"lastModified": "2025-02-28T22:44:24.380",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security@vmware.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-20T04:15:07.993",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://spring.io/security/cve-2024-38810"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "security@vmware.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-22234
Vulnerability from fkie_nvd - Published: 2024-02-20 07:15 - Updated: 2025-04-02 20:10
Severity ?
7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticated(Authentication) method.
Specifically, an application is vulnerable if:
* The application uses AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly and a null authentication parameter is passed to it resulting in an erroneous true return value.
An application is not vulnerable if any of the following is true:
* The application does not use AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly.
* The application does not pass null to AuthenticationTrustResolver.isFullyAuthenticated
* The application only uses isFullyAuthenticated via Method Security https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html or HTTP Request Security https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html
References
| URL | Tags | ||
|---|---|---|---|
| security@vmware.com | https://security.netapp.com/advisory/ntap-20240315-0003/ | Third Party Advisory | |
| security@vmware.com | https://spring.io/security/cve-2024-22234 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20240315-0003/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://spring.io/security/cve-2024-22234 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | spring_security | * | |
| vmware | spring_security | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "564058EB-83BD-4201-92DE-0E1AE03010C1",
"versionEndExcluding": "6.1.7",
"versionStartIncluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "00671E75-D41E-4F65-9F61-5F6DEDAA0D5A",
"versionEndExcluding": "6.2.2",
"versionStartIncluding": "6.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u00a0method.\n\nSpecifically, an application is vulnerable if:\n\n * The application uses AuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u00a0directly and a null\u00a0authentication parameter is passed to it resulting in an erroneous true\u00a0return value.\n\n\nAn application is not vulnerable if any of the following is true:\n\n * The application does not use AuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u00a0directly.\n * The application does not pass null\u00a0to AuthenticationTrustResolver.isFullyAuthenticated\n * The application only uses isFullyAuthenticated\u00a0via Method Security https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html \u00a0or HTTP Request Security https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html"
},
{
"lang": "es",
"value": "En Spring Security, versiones 6.1.x anteriores a 6.1.7 y versiones 6.2.x anteriores a 6.2.2, una aplicaci\u00f3n es vulnerable a un control de acceso roto cuando utiliza directamente el m\u00e9todo AuthenticationTrustResolver.isFullyAuthenticated(Authentication). Espec\u00edficamente, una aplicaci\u00f3n es vulnerable si: * La aplicaci\u00f3n usa AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directamente y se le pasa un par\u00e1metro de autenticaci\u00f3n nulo, lo que genera un valor de retorno verdadero err\u00f3neo. Una aplicaci\u00f3n no es vulnerable si se cumple alguna de las siguientes condiciones: * La aplicaci\u00f3n no utiliza AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directamente. * La aplicaci\u00f3n no pasa nulo a AuthenticationTrustResolver.isFullyAuthenticated * La aplicaci\u00f3n solo usa isFullyAuthenticated a trav\u00e9s de Method Security https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html o HTTP Request Security https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html"
}
],
"id": "CVE-2024-22234",
"lastModified": "2025-04-02T20:10:31.627",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2,
"source": "security@vmware.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-20T07:15:09.967",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240315-0003/"
},
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://spring.io/security/cve-2024-22234"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240315-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://spring.io/security/cve-2024-22234"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-34042
Vulnerability from fkie_nvd - Published: 2024-02-05 22:15 - Updated: 2025-06-03 19:15
Severity ?
4.1 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
The spring-security.xsd file inside the
spring-security-config jar is world writable which means that if it were
extracted it could be written by anyone with access to the file system.
While there are no known exploits, this is an example of “CWE-732:
Incorrect Permission Assignment for Critical Resource” and could result
in an exploit. Users should update to the latest version of Spring
Security to mitigate any future exploits found around this issue.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | spring_security | * | |
| vmware | spring_security | * | |
| vmware | spring_security | * | |
| vmware | spring_security | 5.7.9 | |
| vmware | spring_security | 5.7.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C39570F8-3624-4CC5-AFC0-E45B060BDEAF",
"versionEndExcluding": "5.8.7",
"versionStartIncluding": "5.8.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D26A2C2D-651A-4696-A7EF-36172BDA70FE",
"versionEndExcluding": "6.0.7",
"versionStartIncluding": "6.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1AA03FA3-ACE0-4B22-B084-DEC834EB2F5A",
"versionEndExcluding": "6.1.4",
"versionStartIncluding": "6.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:spring_security:5.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "61397AD3-0A8F-4B9A-9B66-E27CA64392A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:spring_security:5.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E23F4313-761C-4A30-A891-156EFF583822",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The spring-security.xsd file inside the \nspring-security-config jar is world writable which means that if it were\n extracted it could be written by anyone with access to the file system.\n\n\nWhile there are no known exploits, this is an example of \u201cCWE-732: \nIncorrect Permission Assignment for Critical Resource\u201d and could result \nin an exploit. Users should update to the latest version of Spring \nSecurity to mitigate any future exploits found around this issue.\n\n\n\n\n\n"
},
{
"lang": "es",
"value": "El archivo spring-security.xsd dentro del jar spring-security-config se puede escribir en todo el mundo, lo que significa que si se extrajera, cualquier persona con acceso al sistema de archivos podr\u00eda escribirlo. Si bien no se conocen exploits, este es un ejemplo de \"CWE-732: Asignaci\u00f3n de permisos incorrecta para recursos cr\u00edticos\" y podr\u00eda resultar en un exploit. Los usuarios deben actualizar a la \u00faltima versi\u00f3n de Spring Security para mitigar cualquier vulnerabilidad futura que se encuentre en torno a este problema."
}
],
"id": "CVE-2023-34042",
"lastModified": "2025-06-03T19:15:32.450",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 3.6,
"source": "security@vmware.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-05T22:15:55.210",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://spring.io/security/cve-2023-34042"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20241129-0010/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://spring.io/security/cve-2023-34042"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-34034
Vulnerability from fkie_nvd - Published: 2023-07-19 15:15 - Updated: 2024-11-21 08:06
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Using "**" as a pattern in Spring Security configuration
for WebFlux creates a mismatch in pattern matching between Spring
Security and Spring WebFlux, and the potential for a security bypass.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | spring_security | * | |
| vmware | spring_security | * | |
| vmware | spring_security | * | |
| vmware | spring_security | * | |
| vmware | spring_security | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3733907C-9C06-4C09-B1DA-084EEB1A74CD",
"versionEndExcluding": "5.6.12",
"versionStartIncluding": "5.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6517F944-32C8-4C0A-A0C6-A101C1C9580A",
"versionEndExcluding": "5.7.10",
"versionStartIncluding": "5.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C459A8B6-D5BD-4504-90DF-B539AFD4027E",
"versionEndExcluding": "5.8.5",
"versionStartIncluding": "5.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9FC21F29-5A00-49C9-BDBD-F488E6E35AE3",
"versionEndExcluding": "6.0.5",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75F8781A-895F-4602-BA07-32BF2DF04CC9",
"versionEndExcluding": "6.1.2",
"versionStartIncluding": "6.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Using \"**\" as a pattern in Spring Security configuration \nfor WebFlux creates a mismatch in pattern matching between Spring \nSecurity and Spring WebFlux, and the potential for a security bypass.\n\n"
}
],
"id": "CVE-2023-34034",
"lastModified": "2024-11-21T08:06:26.513",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "security@vmware.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-19T15:15:11.127",
"references": [
{
"source": "security@vmware.com",
"url": "https://security.netapp.com/advisory/ntap-20230814-0008/"
},
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://spring.io/security/cve-2023-34034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20230814-0008/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://spring.io/security/cve-2023-34034"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-281"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-34035
Vulnerability from fkie_nvd - Published: 2023-07-18 16:15 - Updated: 2024-11-21 08:06
Severity ?
7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
Spring Security versions 5.8 prior to 5.8.5, 6.0 prior to 6.0.5, and 6.1 prior to 6.1.2 could be susceptible to authorization rule misconfiguration if the application uses requestMatchers(String) and multiple servlets, one of them being Spring MVC’s DispatcherServlet. (DispatcherServlet is a Spring MVC component that maps HTTP endpoints to methods on @Controller-annotated classes.)
Specifically, an application is vulnerable when all of the following are true:
* Spring MVC is on the classpath
* Spring Security is securing more than one servlet in a single application (one of them being Spring MVC’s DispatcherServlet)
* The application uses requestMatchers(String) to refer to endpoints that are not Spring MVC endpoints
An application is not vulnerable if any of the following is true:
* The application does not have Spring MVC on the classpath
* The application secures no servlets other than Spring MVC’s DispatcherServlet
* The application uses requestMatchers(String) only for Spring MVC endpoints
References
| URL | Tags | ||
|---|---|---|---|
| security@vmware.com | https://spring.io/security/cve-2023-34035 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://spring.io/security/cve-2023-34035 | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | spring_security | * | |
| vmware | spring_security | * | |
| vmware | spring_security | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C459A8B6-D5BD-4504-90DF-B539AFD4027E",
"versionEndExcluding": "5.8.5",
"versionStartIncluding": "5.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9FC21F29-5A00-49C9-BDBD-F488E6E35AE3",
"versionEndExcluding": "6.0.5",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75F8781A-895F-4602-BA07-32BF2DF04CC9",
"versionEndExcluding": "6.1.2",
"versionStartIncluding": "6.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Spring Security versions 5.8\u00a0prior to 5.8.5, 6.0\u00a0prior to 6.0.5,\u00a0and 6.1\u00a0prior to 6.1.2\u00a0could be susceptible to authorization rule misconfiguration if the application uses requestMatchers(String)\u00a0and multiple servlets, one of them being Spring MVC\u2019s DispatcherServlet.\u00a0(DispatcherServlet\u00a0is a Spring MVC component that maps HTTP endpoints to methods on @Controller-annotated classes.)\n\nSpecifically, an application is vulnerable when all of the following are true:\n\n * Spring MVC is on the classpath\n * Spring Security is securing more than one servlet in a single application (one of them being Spring MVC\u2019s DispatcherServlet)\n * The application uses requestMatchers(String)\u00a0to refer to endpoints that are not Spring MVC endpoints\n\n\nAn application is not vulnerable if any of the following is true:\n\n * The application does not have Spring MVC on the classpath\n * The application secures no servlets other than Spring MVC\u2019s DispatcherServlet\n * The application uses requestMatchers(String)\u00a0only for Spring MVC endpoints\n\n\n\n"
}
],
"id": "CVE-2023-34035",
"lastModified": "2024-11-21T08:06:26.667",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4,
"source": "security@vmware.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-18T16:15:11.753",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://spring.io/security/cve-2023-34035"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://spring.io/security/cve-2023-34035"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-20862
Vulnerability from fkie_nvd - Published: 2023-04-19 20:15 - Updated: 2025-02-05 16:15
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Summary
In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3, the logout support does not properly clean the security context if using serialized versions. Additionally, it is not possible to explicitly save an empty security context to the HttpSessionSecurityContextRepository. This vulnerability can keep users authenticated even after they performed logout. Users of affected versions should apply the following mitigation. 5.7.x users should upgrade to 5.7.8. 5.8.x users should upgrade to 5.8.3. 6.0.x users should upgrade to 6.0.3.
References
| URL | Tags | ||
|---|---|---|---|
| security@vmware.com | https://security.netapp.com/advisory/ntap-20230526-0002/ | Third Party Advisory | |
| security@vmware.com | https://spring.io/security/cve-2023-20862 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20230526-0002/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://spring.io/security/cve-2023-20862 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | spring_security | * | |
| vmware | spring_security | * | |
| vmware | spring_security | * | |
| netapp | active_iq_unified_manager | - | |
| netapp | active_iq_unified_manager | - | |
| netapp | active_iq_unified_manager | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C04C9B3-2ED2-488B-914D-62EF7278AB06",
"versionEndExcluding": "5.7.8",
"versionStartIncluding": "5.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08A62341-0018-4D6D-9920-6D4907B7FE5D",
"versionEndExcluding": "5.8.3",
"versionStartIncluding": "5.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8ACA91F9-3202-4F62-8D6C-EA376B8620C6",
"versionEndExcluding": "6.0.3",
"versionStartIncluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*",
"matchCriteriaId": "F3E0B672-3E06-4422-B2A4-0BD073AEC2A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3, the logout support does not properly clean the security context if using serialized versions. Additionally, it is not possible to explicitly save an empty security context to the HttpSessionSecurityContextRepository. This vulnerability can keep users authenticated even after they performed logout. Users of affected versions should apply the following mitigation. 5.7.x users should upgrade to 5.7.8. 5.8.x users should upgrade to 5.8.3. 6.0.x users should upgrade to 6.0.3."
}
],
"id": "CVE-2023-20862",
"lastModified": "2025-02-05T16:15:33.953",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-04-19T20:15:10.910",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230526-0002/"
},
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://spring.io/security/cve-2023-20862"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230526-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://spring.io/security/cve-2023-20862"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-459"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-459"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2022-31692
Vulnerability from fkie_nvd - Published: 2022-10-31 20:15 - Updated: 2025-05-06 16:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: The application expects that Spring Security applies security to forward and include dispatcher types. The application uses the AuthorizationFilter either manually or via the authorizeHttpRequests() method. The application configures the FilterChainProxy to apply to forward and/or include requests (e.g. spring.security.filter.dispatcher-types = request, error, async, forward, include). The application may forward or include the request to a higher privilege-secured endpoint.The application configures Spring Security to apply to every dispatcher type via authorizeHttpRequests().shouldFilterAllDispatcherTypes(true)
References
| URL | Tags | ||
|---|---|---|---|
| security@vmware.com | https://security.netapp.com/advisory/ntap-20221215-0010/ | Third Party Advisory | |
| security@vmware.com | https://tanzu.vmware.com/security/cve-2022-31692 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20221215-0010/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://tanzu.vmware.com/security/cve-2022-31692 | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | spring_security | * | |
| vmware | spring_security | * | |
| netapp | active_iq_unified_manager | - | |
| netapp | active_iq_unified_manager | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B6D55EC-9C02-437C-B23E-537ACD7725CD",
"versionEndExcluding": "5.6.9",
"versionStartIncluding": "5.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9ED79BC-5015-4198-8D9C-52EC2A150582",
"versionEndExcluding": "5.7.5",
"versionStartIncluding": "5.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: The application expects that Spring Security applies security to forward and include dispatcher types. The application uses the AuthorizationFilter either manually or via the authorizeHttpRequests() method. The application configures the FilterChainProxy to apply to forward and/or include requests (e.g. spring.security.filter.dispatcher-types = request, error, async, forward, include). The application may forward or include the request to a higher privilege-secured endpoint.The application configures Spring Security to apply to every dispatcher type via authorizeHttpRequests().shouldFilterAllDispatcherTypes(true)"
},
{
"lang": "es",
"value": "Spring Security, las versiones 5.7 anteriores a 5.7.5 y 5.6 anteriores a 5.6.9 podr\u00edan ser susceptibles a que las reglas de autorizaci\u00f3n se omitan mediante reenv\u00edo o incluyan tipos de despachadores. Espec\u00edficamente, una aplicaci\u00f3n es vulnerable cuando se cumple todo lo siguiente: La aplicaci\u00f3n espera que Spring Security aplique seguridad para reenviar e incluir tipos de despachadores. La aplicaci\u00f3n utiliza AuthorizationFilter manualmente o mediante el m\u00e9todo AuthorizeHttpRequests(). La aplicaci\u00f3n configura FilterChainProxy para aplicarlo a solicitudes de reenv\u00edo y/o inclusi\u00f3n (e.g. spring.security.filter.dispatcher-types = request, error, async, forward, include). La aplicaci\u00f3n puede reenviar o incluir la solicitud a endpoint con privilegios m\u00e1s altos. La aplicaci\u00f3n configura Spring Security para aplicar a cada tipo de despachador a trav\u00e9s de AuthorizeHttpRequests().shouldFilterAllDispatcherTypes(true)\n"
}
],
"id": "CVE-2022-31692",
"lastModified": "2025-05-06T16:15:23.147",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-10-31T20:15:12.783",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20221215-0010/"
},
{
"source": "security@vmware.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://tanzu.vmware.com/security/cve-2022-31692"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20221215-0010/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://tanzu.vmware.com/security/cve-2022-31692"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-639"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2022-31690
Vulnerability from fkie_nvd - Published: 2022-10-31 20:15 - Updated: 2025-05-08 19:15
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client (via the browser) to the Authorization Server which can lead to a privilege escalation on the subsequent approval. This scenario can happen if the Authorization Server responds with an OAuth2 Access Token Response containing an empty scope list (per RFC 6749, Section 5.1) on the subsequent request to the token endpoint to obtain the access token.
References
| URL | Tags | ||
|---|---|---|---|
| security@vmware.com | https://security.netapp.com/advisory/ntap-20221215-0010/ | Third Party Advisory | |
| security@vmware.com | https://tanzu.vmware.com/security/cve-2022-31690 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20221215-0010/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://tanzu.vmware.com/security/cve-2022-31690 | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | spring_security | * | |
| vmware | spring_security | * | |
| netapp | active_iq_unified_manager | - | |
| netapp | active_iq_unified_manager | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B6D55EC-9C02-437C-B23E-537ACD7725CD",
"versionEndExcluding": "5.6.9",
"versionStartIncluding": "5.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9ED79BC-5015-4198-8D9C-52EC2A150582",
"versionEndExcluding": "5.7.5",
"versionStartIncluding": "5.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client (via the browser) to the Authorization Server which can lead to a privilege escalation on the subsequent approval. This scenario can happen if the Authorization Server responds with an OAuth2 Access Token Response containing an empty scope list (per RFC 6749, Section 5.1) on the subsequent request to the token endpoint to obtain the access token."
},
{
"lang": "es",
"value": "Spring Security, las versiones 5.7 anteriores a 5.7.5 y 5.6 anteriores a 5.6.9 y las versiones anteriores no compatibles podr\u00edan ser susceptibles a una escalada de privilegios bajo ciertas condiciones. Un usuario malicioso o un atacante puede modificar una solicitud iniciada por el Cliente (a trav\u00e9s del navegador) al Servidor de Autorizaci\u00f3n, lo que puede provocar una escalada de privilegios en la aprobaci\u00f3n posterior. Este escenario puede ocurrir si el Servidor de Autorizaci\u00f3n con OAuth2 Access Token Response que contiene una lista de alcance vac\u00eda (seg\u00fan RFC 6749, secci\u00f3n 5.1) en la solicitud posterior al extremo del token para obtener el token de acceso."
}
],
"id": "CVE-2022-31690",
"lastModified": "2025-05-08T19:15:52.213",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-10-31T20:15:12.727",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20221215-0010/"
},
{
"source": "security@vmware.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://tanzu.vmware.com/security/cve-2022-31690"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20221215-0010/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://tanzu.vmware.com/security/cve-2022-31690"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-22976
Vulnerability from fkie_nvd - Published: 2022-05-19 15:15 - Updated: 2024-11-21 06:47
Severity ?
Summary
Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE.
References
| URL | Tags | ||
|---|---|---|---|
| security@vmware.com | https://security.netapp.com/advisory/ntap-20220707-0003/ | Third Party Advisory | |
| security@vmware.com | https://tanzu.vmware.com/security/cve-2022-22976 | Mitigation, Vendor Advisory | |
| security@vmware.com | https://www.oracle.com/security-alerts/cpujul2022.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20220707-0003/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://tanzu.vmware.com/security/cve-2022-22976 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujul2022.html | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | spring_security | * | |
| vmware | spring_security | * | |
| vmware | spring_security | 5.2.0 | |
| oracle | financial_services_crime_and_compliance_management_studio | 8.0.8.2.0 | |
| oracle | financial_services_crime_and_compliance_management_studio | 8.0.8.3.0 | |
| netapp | active_iq_unified_manager | - | |
| netapp | active_iq_unified_manager | - | |
| netapp | active_iq_unified_manager | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5CDB5C51-8FAA-4138-893B-56F792637CFE",
"versionEndExcluding": "5.5.7",
"versionStartIncluding": "5.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5D9A4E3-CC02-48FD-AD99-8DE89490B614",
"versionEndExcluding": "5.6.4",
"versionStartIncluding": "5.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:spring_security:5.2.0:-:*:*:*:*:*:*",
"matchCriteriaId": "D508FDA8-A5CC-42F7-A259-4B1FB5AE6D8D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "55F091C7-0869-4FD6-AC73-DA697D990304",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4D134C60-F9E2-46C2-8466-DB90AD98439E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*",
"matchCriteriaId": "F3E0B672-3E06-4422-B2A4-0BD073AEC2A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE."
},
{
"lang": "es",
"value": "Spring Security versiones 5.5.x anteriores a 5.5.7, 5.6.x anteriores a 5.6.4 y versiones anteriores no soportadas, contienen una vulnerabilidad de desbordamiento de enteros. Cuando es usada la clase BCrypt con el m\u00e1ximo factor de trabajo (31), el codificador no lleva a cabo ninguna ronda salt, debido a un error de desbordamiento de enteros. La configuraci\u00f3n por defecto no est\u00e1 afectada por esta CVE"
}
],
"id": "CVE-2022-22976",
"lastModified": "2024-11-21T06:47:43.560",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-19T15:15:08.000",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220707-0003/"
},
{
"source": "security@vmware.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://tanzu.vmware.com/security/cve-2022-22976"
},
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220707-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://tanzu.vmware.com/security/cve-2022-22976"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "security@vmware.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-22978
Vulnerability from fkie_nvd - Published: 2022-05-19 15:15 - Updated: 2024-11-21 06:47
Severity ?
Summary
In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | spring_security | * | |
| vmware | spring_security | * | |
| oracle | financial_services_crime_and_compliance_management_studio | 8.0.8.2.0 | |
| oracle | financial_services_crime_and_compliance_management_studio | 8.0.8.3.0 | |
| netapp | active_iq_unified_manager | - | |
| netapp | active_iq_unified_manager | - | |
| netapp | active_iq_unified_manager | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "214281C4-5255-4CC0-BF46-3CF523FF8B78",
"versionEndExcluding": "5.5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5D9A4E3-CC02-48FD-AD99-8DE89490B614",
"versionEndExcluding": "5.6.4",
"versionStartIncluding": "5.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "55F091C7-0869-4FD6-AC73-DA697D990304",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4D134C60-F9E2-46C2-8466-DB90AD98439E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*",
"matchCriteriaId": "F3E0B672-3E06-4422-B2A4-0BD073AEC2A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass."
},
{
"lang": "es",
"value": "En las versiones 5.5.6 y 5.6.3 de Spring Security y en versiones anteriores no soportadas, RegexRequestMatcher puede ser f\u00e1cilmente configurado de forma incorrecta para ser evitado en algunos contenedores de servlets. Las aplicaciones que utilizan RegexRequestMatcher con `.` en la expresi\u00f3n regular son posiblemente vulnerables a un bypass de autorizaci\u00f3n"
}
],
"id": "CVE-2022-22978",
"lastModified": "2024-11-21T06:47:43.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-19T15:15:08.057",
"references": [
{
"source": "security@vmware.com",
"url": "https://spring.io/security/cve-2022-22978"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://spring.io/security/cve-2022-22978"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "security@vmware.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2024-38810 (GCVE-0-2024-38810)
Vulnerability from cvelistv5 – Published: 2024-08-20 03:35 – Updated: 2024-08-20 13:34
VLAI?
Summary
Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows attacker to render security annotations inaffective.
Severity ?
6.5 (Medium)
CWE
- CWE-287 - Improper Authentication
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| spring | spring security |
Affected:
6.3.x , < 6.3.2
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38810",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-20T13:34:39.309830Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-20T13:34:50.068Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "spring security",
"vendor": "spring",
"versions": [
{
"lessThan": "6.3.2",
"status": "affected",
"version": "6.3.x",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ch1\u003eMissing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows attacker to render security annotations inaffective.\u003cbr\u003e\u003c/h1\u003e\u003cbr\u003e"
}
],
"value": "Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows attacker to render security annotations inaffective."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-20T03:35:24.795Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://spring.io/security/cve-2024-38810"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Missing Authorization When Using @AuthorizeReturnObject",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2024-38810",
"datePublished": "2024-08-20T03:35:24.795Z",
"dateReserved": "2024-06-19T22:31:57.187Z",
"dateUpdated": "2024-08-20T13:34:50.068Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22234 (GCVE-0-2024-22234)
Vulnerability from cvelistv5 – Published: 2024-02-20 07:02 – Updated: 2025-02-13 17:33
VLAI?
Summary
In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticated(Authentication) method.
Specifically, an application is vulnerable if:
* The application uses AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly and a null authentication parameter is passed to it resulting in an erroneous true return value.
An application is not vulnerable if any of the following is true:
* The application does not use AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly.
* The application does not pass null to AuthenticationTrustResolver.isFullyAuthenticated
* The application only uses isFullyAuthenticated via Method Security https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html or HTTP Request Security https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html
Severity ?
7.4 (High)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Spring | Spring Security |
Affected:
6.1.x , < 6.1.7
(6.1.7)
Affected: 6.2.x , < 6.2.2 (6.2.2) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:vmware:spring_security:6.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "spring_security",
"vendor": "vmware",
"versions": [
{
"lessThan": "6.1.7",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vmware:spring_security:6.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "spring_security",
"vendor": "vmware",
"versions": [
{
"lessThan": "6.2.2",
"status": "affected",
"version": "6.2.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22234",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-21T19:46:52.509563Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-26T17:21:05.285Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:43:33.656Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://spring.io/security/cve-2024-22234"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240315-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Spring Security",
"vendor": "Spring",
"versions": [
{
"lessThan": "6.1.7",
"status": "affected",
"version": "6.1.x",
"versionType": "6.1.7"
},
{
"lessThan": "6.2.2",
"status": "affected",
"version": "6.2.x",
"versionType": "6.2.2"
}
]
}
],
"datePublic": "2024-02-19T08:59:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the \u003ccode\u003eAuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u003c/code\u003e\u0026nbsp;method.\u003c/p\u003e\u003cp\u003eSpecifically, an application is vulnerable if:\u003c/p\u003e\u003cul\u003e\u003cli\u003eThe application uses \u003ccode\u003eAuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u003c/code\u003e\u0026nbsp;directly and a \u003ccode\u003enull\u003c/code\u003e\u0026nbsp;authentication parameter is passed to it resulting in an erroneous \u003ccode\u003etrue\u003c/code\u003e\u0026nbsp;return value.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eAn application is not vulnerable if any of the following is true:\u003c/p\u003e\u003cul\u003e\u003cli\u003eThe application does not use \u003ccode\u003eAuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u003c/code\u003e\u0026nbsp;directly.\u003c/li\u003e\u003cli\u003eThe application does not pass \u003ccode\u003enull\u003c/code\u003e\u0026nbsp;to \u003ccode\u003eAuthenticationTrustResolver.isFullyAuthenticated\u003c/code\u003e\u003c/li\u003e\u003cli\u003eThe application only uses \u003ccode\u003eisFullyAuthenticated\u003c/code\u003e\u0026nbsp;via \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html\"\u003eMethod Security\u003c/a\u003e\u0026nbsp;or \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html\"\u003eHTTP Request Security\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
}
],
"value": "In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u00a0method.\n\nSpecifically, an application is vulnerable if:\n\n * The application uses AuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u00a0directly and a null\u00a0authentication parameter is passed to it resulting in an erroneous true\u00a0return value.\n\n\nAn application is not vulnerable if any of the following is true:\n\n * The application does not use AuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u00a0directly.\n * The application does not pass null\u00a0to AuthenticationTrustResolver.isFullyAuthenticated\n * The application only uses isFullyAuthenticated\u00a0via Method Security https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html \u00a0or HTTP Request Security https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-15T11:06:18.496Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://spring.io/security/cve-2024-22234"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240315-0003/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2024-22234: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2024-22234",
"datePublished": "2024-02-20T07:02:50.873Z",
"dateReserved": "2024-01-08T16:40:16.141Z",
"dateUpdated": "2025-02-13T17:33:37.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34042 (GCVE-0-2023-34042)
Vulnerability from cvelistv5 – Published: 2024-02-05 22:00 – Updated: 2025-06-03 18:51
VLAI?
Summary
The spring-security.xsd file inside the
spring-security-config jar is world writable which means that if it were
extracted it could be written by anyone with access to the file system.
While there are no known exploits, this is an example of “CWE-732:
Incorrect Permission Assignment for Critical Resource” and could result
in an exploit. Users should update to the latest version of Spring
Security to mitigate any future exploits found around this issue.
Severity ?
4.1 (Medium)
CWE
- Incorrect Permission Assignment for spring-security.xsd
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| N/A | Spring Security |
Affected:
Spring Security 6.1.x prior to 6.1.4, Spring Security 6.0.x prior to 6.0.7, Spring Security 5.8.x prior to 5.8.7, Spring Security 5.7.x prior to 5.7.11
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34042",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-06T16:00:46.931733Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T18:51:02.797Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-11-29T12:04:39.444Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://spring.io/security/cve-2023-34042"
},
{
"url": "https://security.netapp.com/advisory/ntap-20241129-0010/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Spring Security",
"vendor": "N/A",
"versions": [
{
"status": "affected",
"version": "Spring Security 6.1.x prior to 6.1.4, Spring Security 6.0.x prior to 6.0.7, Spring Security 5.8.x prior to 5.8.7, Spring Security 5.7.x prior to 5.7.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\u003cdiv\u003e\u003cp\u003eThe spring-security.xsd file inside the \nspring-security-config jar is world writable which means that if it were\n extracted it could be written by anyone with access to the file system.\u003c/p\u003e\n\u003cp\u003eWhile there are no known exploits, this is an example of \u201cCWE-732: \nIncorrect Permission Assignment for Critical Resource\u201d and could result \nin an exploit. Users should update to the latest version of Spring \nSecurity to mitigate any future exploits found around this issue.\u003c/p\u003e\u003c/div\u003e\n\n"
}
],
"value": "The spring-security.xsd file inside the \nspring-security-config jar is world writable which means that if it were\n extracted it could be written by anyone with access to the file system.\n\n\nWhile there are no known exploits, this is an example of \u201cCWE-732: \nIncorrect Permission Assignment for Critical Resource\u201d and could result \nin an exploit. Users should update to the latest version of Spring \nSecurity to mitigate any future exploits found around this issue.\n\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect Permission Assignment for spring-security.xsd",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-05T22:00:01.075Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://spring.io/security/cve-2023-34042"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2023-34042",
"datePublished": "2024-02-05T22:00:01.075Z",
"dateReserved": "2023-05-25T17:21:56.202Z",
"dateUpdated": "2025-06-03T18:51:02.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34034 (GCVE-0-2023-34034)
Vulnerability from cvelistv5 – Published: 2023-07-19 14:16 – Updated: 2024-10-28 14:40
VLAI?
Summary
Using "**" as a pattern in Spring Security configuration
for WebFlux creates a mismatch in pattern matching between Spring
Security and Spring WebFlux, and the potential for a security bypass.
Severity ?
9.1 (Critical)
CWE
- potential for a security bypass
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Spring Security |
Affected:
Spring Security 6.1.0 , ≤ 6.1.1
( )
Affected: Spring Security 6.0.0 , ≤ 6.0.4 ( ) Affected: Spring Security 5.8.0 , ≤ 5.8.4 ( ) Affected: Spring Security 5.7.0 , ≤ 5.7.9 ( ) Affected: Spring Security 5.6.0 , ≤ 5.6.11 ( ) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:54:14.118Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://spring.io/security/cve-2023-34034"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230814-0008/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34034",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T14:34:24.503021Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-281",
"description": "CWE-281 Improper Preservation of Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T14:40:32.304Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Spring Security",
"vendor": "n/a",
"versions": [
{
"lessThanOrEqual": "6.1.1",
"status": "affected",
"version": "Spring Security 6.1.0",
"versionType": " "
},
{
"lessThanOrEqual": "6.0.4",
"status": "affected",
"version": "Spring Security 6.0.0 ",
"versionType": " "
},
{
"lessThanOrEqual": "5.8.4",
"status": "affected",
"version": "Spring Security 5.8.0",
"versionType": " "
},
{
"lessThanOrEqual": "5.7.9 ",
"status": "affected",
"version": "Spring Security 5.7.0 ",
"versionType": " "
},
{
"lessThanOrEqual": "5.6.11",
"status": "affected",
"version": "Spring Security 5.6.0",
"versionType": " "
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nUsing \u003ccode\u003e\"**\"\u003c/code\u003e as a pattern in Spring Security configuration \nfor WebFlux creates a mismatch in pattern matching between Spring \nSecurity and Spring WebFlux, and the potential for a security bypass.\n\n"
}
],
"value": "Using \"**\" as a pattern in Spring Security configuration \nfor WebFlux creates a mismatch in pattern matching between Spring \nSecurity and Spring WebFlux, and the potential for a security bypass.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "potential for a security bypass",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-19T14:16:12.150Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://spring.io/security/cve-2023-34034"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230814-0008/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2023-34034",
"datePublished": "2023-07-19T14:16:12.150Z",
"dateReserved": "2023-05-25T17:21:56.199Z",
"dateUpdated": "2024-10-28T14:40:32.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34035 (GCVE-0-2023-34035)
Vulnerability from cvelistv5 – Published: 2023-07-18 15:29 – Updated: 2024-10-25 15:47
VLAI?
Summary
Spring Security versions 5.8 prior to 5.8.5, 6.0 prior to 6.0.5, and 6.1 prior to 6.1.2 could be susceptible to authorization rule misconfiguration if the application uses requestMatchers(String) and multiple servlets, one of them being Spring MVC’s DispatcherServlet. (DispatcherServlet is a Spring MVC component that maps HTTP endpoints to methods on @Controller-annotated classes.)
Specifically, an application is vulnerable when all of the following are true:
* Spring MVC is on the classpath
* Spring Security is securing more than one servlet in a single application (one of them being Spring MVC’s DispatcherServlet)
* The application uses requestMatchers(String) to refer to endpoints that are not Spring MVC endpoints
An application is not vulnerable if any of the following is true:
* The application does not have Spring MVC on the classpath
* The application secures no servlets other than Spring MVC’s DispatcherServlet
* The application uses requestMatchers(String) only for Spring MVC endpoints
Severity ?
7.3 (High)
CWE
- Authorization rule misconfiguration
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Spring Security |
Affected:
Spring Security 5.8.0 to 5.8.4, Spring Security 6.0.0 to 6.0.4, Spring Security 6.1.0 to 6.1.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:54:14.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://spring.io/security/cve-2023-34035"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34035",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-25T15:47:27.642233Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T15:47:50.802Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Spring Security",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Spring Security 5.8.0 to 5.8.4, Spring Security 6.0.0 to 6.0.4, Spring Security 6.1.0 to 6.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSpring Security versions \u003c/span\u003e\u003cstrong\u003e5.8\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;prior to \u003c/span\u003e\u003cstrong\u003e5.8.5\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e, \u003c/span\u003e\u003cstrong\u003e6.0\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;prior to \u003c/span\u003e\u003cstrong\u003e6.0.5,\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;and \u003c/span\u003e\u003cstrong\u003e6.1\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;prior to \u003c/span\u003e\u003cstrong\u003e6.1.2\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;could be susceptible to authorization rule misconfiguration if the application uses \u003c/span\u003e\u003ccode\u003erequestMatchers(String)\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;and multiple servlets, one of them being Spring MVC\u2019s DispatcherServlet.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e(\u003c/span\u003e\u003ccode\u003eDispatcherServlet\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;is a Spring MVC component that maps HTTP endpoints to methods on \u003c/span\u003e\u003ccode\u003e@Controller\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e-annotated classes.)\u003cbr\u003e\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e\u003cp\u003eSpecifically, an application is vulnerable when all of the following are true:\u003c/p\u003e\u003cul\u003e\u003cli\u003eSpring MVC is on the classpath\u003c/li\u003e\u003cli\u003eSpring Security is securing more than one servlet in a single application (one of them being Spring MVC\u2019s \u003ccode\u003eDispatcherServlet\u003c/code\u003e)\u003c/li\u003e\u003cli\u003eThe application uses \u003ccode\u003erequestMatchers(String)\u003c/code\u003e\u0026nbsp;to refer to endpoints that are not Spring MVC endpoints\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eAn application is not vulnerable if any of the following is true:\u003c/p\u003e\u003cul\u003e\u003cli\u003eThe application does not have Spring MVC on the classpath\u003c/li\u003e\u003cli\u003eThe application secures no servlets other than Spring MVC\u2019s \u003ccode\u003eDispatcherServlet\u003c/code\u003e\u003c/li\u003e\u003cli\u003eThe application uses \u003ccode\u003erequestMatchers(String)\u003c/code\u003e\u0026nbsp;only for Spring MVC endpoints\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
}
],
"value": "Spring Security versions 5.8\u00a0prior to 5.8.5, 6.0\u00a0prior to 6.0.5,\u00a0and 6.1\u00a0prior to 6.1.2\u00a0could be susceptible to authorization rule misconfiguration if the application uses requestMatchers(String)\u00a0and multiple servlets, one of them being Spring MVC\u2019s DispatcherServlet.\u00a0(DispatcherServlet\u00a0is a Spring MVC component that maps HTTP endpoints to methods on @Controller-annotated classes.)\n\nSpecifically, an application is vulnerable when all of the following are true:\n\n * Spring MVC is on the classpath\n * Spring Security is securing more than one servlet in a single application (one of them being Spring MVC\u2019s DispatcherServlet)\n * The application uses requestMatchers(String)\u00a0to refer to endpoints that are not Spring MVC endpoints\n\n\nAn application is not vulnerable if any of the following is true:\n\n * The application does not have Spring MVC on the classpath\n * The application secures no servlets other than Spring MVC\u2019s DispatcherServlet\n * The application uses requestMatchers(String)\u00a0only for Spring MVC endpoints\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authorization rule misconfiguration",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-18T15:29:10.091Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://spring.io/security/cve-2023-34035"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2023-34035",
"datePublished": "2023-07-18T15:29:10.091Z",
"dateReserved": "2023-05-25T17:21:56.200Z",
"dateUpdated": "2024-10-25T15:47:50.802Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20862 (GCVE-0-2023-20862)
Vulnerability from cvelistv5 – Published: 2023-04-19 00:00 – Updated: 2025-02-05 15:47
VLAI?
Summary
In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3, the logout support does not properly clean the security context if using serialized versions. Additionally, it is not possible to explicitly save an empty security context to the HttpSessionSecurityContextRepository. This vulnerability can keep users authenticated even after they performed logout. Users of affected versions should apply the following mitigation. 5.7.x users should upgrade to 5.7.8. 5.8.x users should upgrade to 5.8.3. 6.0.x users should upgrade to 6.0.3.
Severity ?
6.3 (Medium)
CWE
- Empty SecurityContext Is Not Properly Saved Upon Logout
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Spring Security |
Affected:
Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:21:32.378Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://spring.io/security/cve-2023-20862"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230526-0002/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-20862",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T15:45:51.141064Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-459",
"description": "CWE-459 Incomplete Cleanup",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T15:47:05.524Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Spring Security",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3, the logout support does not properly clean the security context if using serialized versions. Additionally, it is not possible to explicitly save an empty security context to the HttpSessionSecurityContextRepository. This vulnerability can keep users authenticated even after they performed logout. Users of affected versions should apply the following mitigation. 5.7.x users should upgrade to 5.7.8. 5.8.x users should upgrade to 5.8.3. 6.0.x users should upgrade to 6.0.3."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Empty SecurityContext Is Not Properly Saved Upon Logout",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-26T00:00:00.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://spring.io/security/cve-2023-20862"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230526-0002/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2023-20862",
"datePublished": "2023-04-19T00:00:00.000Z",
"dateReserved": "2022-11-01T00:00:00.000Z",
"dateUpdated": "2025-02-05T15:47:05.524Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31690 (GCVE-0-2022-31690)
Vulnerability from cvelistv5 – Published: 2022-10-31 00:00 – Updated: 2025-05-08 18:47
VLAI?
Summary
Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client (via the browser) to the Authorization Server which can lead to a privilege escalation on the subsequent approval. This scenario can happen if the Authorization Server responds with an OAuth2 Access Token Response containing an empty scope list (per RFC 6749, Section 5.1) on the subsequent request to the token endpoint to obtain the access token.
Severity ?
8.1 (High)
CWE
- Privilege Escalation in spring-security-oauth2-client
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Spring Security |
Affected:
Spring Security (5.7 to 5.7.4 and 5.6 to 5.6.8 as well as older, unsupported versions)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.073Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://tanzu.vmware.com/security/cve-2022-31690"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20221215-0010/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-31690",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T18:42:47.671600Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T18:47:35.924Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Spring Security",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Spring Security (5.7 to 5.7.4 and 5.6 to 5.6.8 as well as older, unsupported versions)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client (via the browser) to the Authorization Server which can lead to a privilege escalation on the subsequent approval. This scenario can happen if the Authorization Server responds with an OAuth2 Access Token Response containing an empty scope list (per RFC 6749, Section 5.1) on the subsequent request to the token endpoint to obtain the access token."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege Escalation in spring-security-oauth2-client",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-15T00:00:00.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://tanzu.vmware.com/security/cve-2022-31690"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221215-0010/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-31690",
"datePublished": "2022-10-31T00:00:00.000Z",
"dateReserved": "2022-05-25T00:00:00.000Z",
"dateUpdated": "2025-05-08T18:47:35.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31692 (GCVE-0-2022-31692)
Vulnerability from cvelistv5 – Published: 2022-10-31 00:00 – Updated: 2025-05-06 15:53
VLAI?
Summary
Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: The application expects that Spring Security applies security to forward and include dispatcher types. The application uses the AuthorizationFilter either manually or via the authorizeHttpRequests() method. The application configures the FilterChainProxy to apply to forward and/or include requests (e.g. spring.security.filter.dispatcher-types = request, error, async, forward, include). The application may forward or include the request to a higher privilege-secured endpoint.The application configures Spring Security to apply to every dispatcher type via authorizeHttpRequests().shouldFilterAllDispatcherTypes(true)
Severity ?
9.8 (Critical)
CWE
- Spring is susceptible to authorization rules bypass via forward or include dispatcher types.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Spring by VMware |
Affected:
5.7 to 5.7.4, 5.6 to 5.6.8 and older versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.017Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://tanzu.vmware.com/security/cve-2022-31692"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20221215-0010/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-31692",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-06T15:52:10.845854Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-06T15:53:54.566Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Spring by VMware",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.7 to 5.7.4, 5.6 to 5.6.8 and older versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: The application expects that Spring Security applies security to forward and include dispatcher types. The application uses the AuthorizationFilter either manually or via the authorizeHttpRequests() method. The application configures the FilterChainProxy to apply to forward and/or include requests (e.g. spring.security.filter.dispatcher-types = request, error, async, forward, include). The application may forward or include the request to a higher privilege-secured endpoint.The application configures Spring Security to apply to every dispatcher type via authorizeHttpRequests().shouldFilterAllDispatcherTypes(true)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spring is susceptible to authorization rules bypass via forward or include dispatcher types.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-15T00:00:00.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://tanzu.vmware.com/security/cve-2022-31692"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221215-0010/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-31692",
"datePublished": "2022-10-31T00:00:00.000Z",
"dateReserved": "2022-05-25T00:00:00.000Z",
"dateUpdated": "2025-05-06T15:53:54.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22976 (GCVE-0-2022-22976)
Vulnerability from cvelistv5 – Published: 2022-05-19 14:50 – Updated: 2024-08-03 03:28
VLAI?
Summary
Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE.
Severity ?
No CVSS data available.
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Spring Security |
Affected:
Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:42.454Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://tanzu.vmware.com/security/cve-2022-22976"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220707-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spring Security",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T16:47:52",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://tanzu.vmware.com/security/cve-2022-22976"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220707-0003/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2022-22976",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spring Security",
"version": {
"version_data": [
{
"version_value": "Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190: Integer Overflow or Wraparound"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tanzu.vmware.com/security/cve-2022-22976",
"refsource": "MISC",
"url": "https://tanzu.vmware.com/security/cve-2022-22976"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220707-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220707-0003/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-22976",
"datePublished": "2022-05-19T14:50:46",
"dateReserved": "2022-01-10T00:00:00",
"dateUpdated": "2024-08-03T03:28:42.454Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22978 (GCVE-0-2022-22978)
Vulnerability from cvelistv5 – Published: 2022-05-19 00:00 – Updated: 2024-08-03 03:28
VLAI?
Summary
In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.
Severity ?
No CVSS data available.
CWE
- CWE-863 - improper authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Spring Security |
Affected:
Spring security versions 5.4.x prior to 5.4.11+,5.5.x prior to 5.5.7+,5.6.x prior to 5.6.4+ and all earlier unsupported versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:42.507Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://spring.io/security/cve-2022-22978"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spring Security",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Spring security versions 5.4.x prior to 5.4.11+,5.5.x prior to 5.5.7+,5.6.x prior to 5.6.4+ and all earlier unsupported versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863- improper authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-11T00:00:00",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://spring.io/security/cve-2022-22978"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-22978",
"datePublished": "2022-05-19T00:00:00",
"dateReserved": "2022-01-10T00:00:00",
"dateUpdated": "2024-08-03T03:28:42.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38810 (GCVE-0-2024-38810)
Vulnerability from nvd – Published: 2024-08-20 03:35 – Updated: 2024-08-20 13:34
VLAI?
Summary
Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows attacker to render security annotations inaffective.
Severity ?
6.5 (Medium)
CWE
- CWE-287 - Improper Authentication
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| spring | spring security |
Affected:
6.3.x , < 6.3.2
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38810",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-20T13:34:39.309830Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-20T13:34:50.068Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "spring security",
"vendor": "spring",
"versions": [
{
"lessThan": "6.3.2",
"status": "affected",
"version": "6.3.x",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ch1\u003eMissing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows attacker to render security annotations inaffective.\u003cbr\u003e\u003c/h1\u003e\u003cbr\u003e"
}
],
"value": "Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows attacker to render security annotations inaffective."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-20T03:35:24.795Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://spring.io/security/cve-2024-38810"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Missing Authorization When Using @AuthorizeReturnObject",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2024-38810",
"datePublished": "2024-08-20T03:35:24.795Z",
"dateReserved": "2024-06-19T22:31:57.187Z",
"dateUpdated": "2024-08-20T13:34:50.068Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22234 (GCVE-0-2024-22234)
Vulnerability from nvd – Published: 2024-02-20 07:02 – Updated: 2025-02-13 17:33
VLAI?
Summary
In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticated(Authentication) method.
Specifically, an application is vulnerable if:
* The application uses AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly and a null authentication parameter is passed to it resulting in an erroneous true return value.
An application is not vulnerable if any of the following is true:
* The application does not use AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly.
* The application does not pass null to AuthenticationTrustResolver.isFullyAuthenticated
* The application only uses isFullyAuthenticated via Method Security https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html or HTTP Request Security https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html
Severity ?
7.4 (High)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Spring | Spring Security |
Affected:
6.1.x , < 6.1.7
(6.1.7)
Affected: 6.2.x , < 6.2.2 (6.2.2) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:vmware:spring_security:6.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "spring_security",
"vendor": "vmware",
"versions": [
{
"lessThan": "6.1.7",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vmware:spring_security:6.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "spring_security",
"vendor": "vmware",
"versions": [
{
"lessThan": "6.2.2",
"status": "affected",
"version": "6.2.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22234",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-21T19:46:52.509563Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-26T17:21:05.285Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:43:33.656Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://spring.io/security/cve-2024-22234"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240315-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Spring Security",
"vendor": "Spring",
"versions": [
{
"lessThan": "6.1.7",
"status": "affected",
"version": "6.1.x",
"versionType": "6.1.7"
},
{
"lessThan": "6.2.2",
"status": "affected",
"version": "6.2.x",
"versionType": "6.2.2"
}
]
}
],
"datePublic": "2024-02-19T08:59:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the \u003ccode\u003eAuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u003c/code\u003e\u0026nbsp;method.\u003c/p\u003e\u003cp\u003eSpecifically, an application is vulnerable if:\u003c/p\u003e\u003cul\u003e\u003cli\u003eThe application uses \u003ccode\u003eAuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u003c/code\u003e\u0026nbsp;directly and a \u003ccode\u003enull\u003c/code\u003e\u0026nbsp;authentication parameter is passed to it resulting in an erroneous \u003ccode\u003etrue\u003c/code\u003e\u0026nbsp;return value.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eAn application is not vulnerable if any of the following is true:\u003c/p\u003e\u003cul\u003e\u003cli\u003eThe application does not use \u003ccode\u003eAuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u003c/code\u003e\u0026nbsp;directly.\u003c/li\u003e\u003cli\u003eThe application does not pass \u003ccode\u003enull\u003c/code\u003e\u0026nbsp;to \u003ccode\u003eAuthenticationTrustResolver.isFullyAuthenticated\u003c/code\u003e\u003c/li\u003e\u003cli\u003eThe application only uses \u003ccode\u003eisFullyAuthenticated\u003c/code\u003e\u0026nbsp;via \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html\"\u003eMethod Security\u003c/a\u003e\u0026nbsp;or \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html\"\u003eHTTP Request Security\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
}
],
"value": "In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u00a0method.\n\nSpecifically, an application is vulnerable if:\n\n * The application uses AuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u00a0directly and a null\u00a0authentication parameter is passed to it resulting in an erroneous true\u00a0return value.\n\n\nAn application is not vulnerable if any of the following is true:\n\n * The application does not use AuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u00a0directly.\n * The application does not pass null\u00a0to AuthenticationTrustResolver.isFullyAuthenticated\n * The application only uses isFullyAuthenticated\u00a0via Method Security https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html \u00a0or HTTP Request Security https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-15T11:06:18.496Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://spring.io/security/cve-2024-22234"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240315-0003/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2024-22234: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2024-22234",
"datePublished": "2024-02-20T07:02:50.873Z",
"dateReserved": "2024-01-08T16:40:16.141Z",
"dateUpdated": "2025-02-13T17:33:37.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34042 (GCVE-0-2023-34042)
Vulnerability from nvd – Published: 2024-02-05 22:00 – Updated: 2025-06-03 18:51
VLAI?
Summary
The spring-security.xsd file inside the
spring-security-config jar is world writable which means that if it were
extracted it could be written by anyone with access to the file system.
While there are no known exploits, this is an example of “CWE-732:
Incorrect Permission Assignment for Critical Resource” and could result
in an exploit. Users should update to the latest version of Spring
Security to mitigate any future exploits found around this issue.
Severity ?
4.1 (Medium)
CWE
- Incorrect Permission Assignment for spring-security.xsd
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| N/A | Spring Security |
Affected:
Spring Security 6.1.x prior to 6.1.4, Spring Security 6.0.x prior to 6.0.7, Spring Security 5.8.x prior to 5.8.7, Spring Security 5.7.x prior to 5.7.11
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34042",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-06T16:00:46.931733Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T18:51:02.797Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-11-29T12:04:39.444Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://spring.io/security/cve-2023-34042"
},
{
"url": "https://security.netapp.com/advisory/ntap-20241129-0010/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Spring Security",
"vendor": "N/A",
"versions": [
{
"status": "affected",
"version": "Spring Security 6.1.x prior to 6.1.4, Spring Security 6.0.x prior to 6.0.7, Spring Security 5.8.x prior to 5.8.7, Spring Security 5.7.x prior to 5.7.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\u003cdiv\u003e\u003cp\u003eThe spring-security.xsd file inside the \nspring-security-config jar is world writable which means that if it were\n extracted it could be written by anyone with access to the file system.\u003c/p\u003e\n\u003cp\u003eWhile there are no known exploits, this is an example of \u201cCWE-732: \nIncorrect Permission Assignment for Critical Resource\u201d and could result \nin an exploit. Users should update to the latest version of Spring \nSecurity to mitigate any future exploits found around this issue.\u003c/p\u003e\u003c/div\u003e\n\n"
}
],
"value": "The spring-security.xsd file inside the \nspring-security-config jar is world writable which means that if it were\n extracted it could be written by anyone with access to the file system.\n\n\nWhile there are no known exploits, this is an example of \u201cCWE-732: \nIncorrect Permission Assignment for Critical Resource\u201d and could result \nin an exploit. Users should update to the latest version of Spring \nSecurity to mitigate any future exploits found around this issue.\n\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect Permission Assignment for spring-security.xsd",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-05T22:00:01.075Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://spring.io/security/cve-2023-34042"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2023-34042",
"datePublished": "2024-02-05T22:00:01.075Z",
"dateReserved": "2023-05-25T17:21:56.202Z",
"dateUpdated": "2025-06-03T18:51:02.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34034 (GCVE-0-2023-34034)
Vulnerability from nvd – Published: 2023-07-19 14:16 – Updated: 2024-10-28 14:40
VLAI?
Summary
Using "**" as a pattern in Spring Security configuration
for WebFlux creates a mismatch in pattern matching between Spring
Security and Spring WebFlux, and the potential for a security bypass.
Severity ?
9.1 (Critical)
CWE
- potential for a security bypass
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Spring Security |
Affected:
Spring Security 6.1.0 , ≤ 6.1.1
( )
Affected: Spring Security 6.0.0 , ≤ 6.0.4 ( ) Affected: Spring Security 5.8.0 , ≤ 5.8.4 ( ) Affected: Spring Security 5.7.0 , ≤ 5.7.9 ( ) Affected: Spring Security 5.6.0 , ≤ 5.6.11 ( ) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:54:14.118Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://spring.io/security/cve-2023-34034"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230814-0008/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34034",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T14:34:24.503021Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-281",
"description": "CWE-281 Improper Preservation of Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T14:40:32.304Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Spring Security",
"vendor": "n/a",
"versions": [
{
"lessThanOrEqual": "6.1.1",
"status": "affected",
"version": "Spring Security 6.1.0",
"versionType": " "
},
{
"lessThanOrEqual": "6.0.4",
"status": "affected",
"version": "Spring Security 6.0.0 ",
"versionType": " "
},
{
"lessThanOrEqual": "5.8.4",
"status": "affected",
"version": "Spring Security 5.8.0",
"versionType": " "
},
{
"lessThanOrEqual": "5.7.9 ",
"status": "affected",
"version": "Spring Security 5.7.0 ",
"versionType": " "
},
{
"lessThanOrEqual": "5.6.11",
"status": "affected",
"version": "Spring Security 5.6.0",
"versionType": " "
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nUsing \u003ccode\u003e\"**\"\u003c/code\u003e as a pattern in Spring Security configuration \nfor WebFlux creates a mismatch in pattern matching between Spring \nSecurity and Spring WebFlux, and the potential for a security bypass.\n\n"
}
],
"value": "Using \"**\" as a pattern in Spring Security configuration \nfor WebFlux creates a mismatch in pattern matching between Spring \nSecurity and Spring WebFlux, and the potential for a security bypass.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "potential for a security bypass",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-19T14:16:12.150Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://spring.io/security/cve-2023-34034"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230814-0008/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2023-34034",
"datePublished": "2023-07-19T14:16:12.150Z",
"dateReserved": "2023-05-25T17:21:56.199Z",
"dateUpdated": "2024-10-28T14:40:32.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34035 (GCVE-0-2023-34035)
Vulnerability from nvd – Published: 2023-07-18 15:29 – Updated: 2024-10-25 15:47
VLAI?
Summary
Spring Security versions 5.8 prior to 5.8.5, 6.0 prior to 6.0.5, and 6.1 prior to 6.1.2 could be susceptible to authorization rule misconfiguration if the application uses requestMatchers(String) and multiple servlets, one of them being Spring MVC’s DispatcherServlet. (DispatcherServlet is a Spring MVC component that maps HTTP endpoints to methods on @Controller-annotated classes.)
Specifically, an application is vulnerable when all of the following are true:
* Spring MVC is on the classpath
* Spring Security is securing more than one servlet in a single application (one of them being Spring MVC’s DispatcherServlet)
* The application uses requestMatchers(String) to refer to endpoints that are not Spring MVC endpoints
An application is not vulnerable if any of the following is true:
* The application does not have Spring MVC on the classpath
* The application secures no servlets other than Spring MVC’s DispatcherServlet
* The application uses requestMatchers(String) only for Spring MVC endpoints
Severity ?
7.3 (High)
CWE
- Authorization rule misconfiguration
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Spring Security |
Affected:
Spring Security 5.8.0 to 5.8.4, Spring Security 6.0.0 to 6.0.4, Spring Security 6.1.0 to 6.1.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:54:14.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://spring.io/security/cve-2023-34035"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34035",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-25T15:47:27.642233Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T15:47:50.802Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Spring Security",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Spring Security 5.8.0 to 5.8.4, Spring Security 6.0.0 to 6.0.4, Spring Security 6.1.0 to 6.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSpring Security versions \u003c/span\u003e\u003cstrong\u003e5.8\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;prior to \u003c/span\u003e\u003cstrong\u003e5.8.5\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e, \u003c/span\u003e\u003cstrong\u003e6.0\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;prior to \u003c/span\u003e\u003cstrong\u003e6.0.5,\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;and \u003c/span\u003e\u003cstrong\u003e6.1\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;prior to \u003c/span\u003e\u003cstrong\u003e6.1.2\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;could be susceptible to authorization rule misconfiguration if the application uses \u003c/span\u003e\u003ccode\u003erequestMatchers(String)\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;and multiple servlets, one of them being Spring MVC\u2019s DispatcherServlet.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e(\u003c/span\u003e\u003ccode\u003eDispatcherServlet\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;is a Spring MVC component that maps HTTP endpoints to methods on \u003c/span\u003e\u003ccode\u003e@Controller\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e-annotated classes.)\u003cbr\u003e\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e\u003cp\u003eSpecifically, an application is vulnerable when all of the following are true:\u003c/p\u003e\u003cul\u003e\u003cli\u003eSpring MVC is on the classpath\u003c/li\u003e\u003cli\u003eSpring Security is securing more than one servlet in a single application (one of them being Spring MVC\u2019s \u003ccode\u003eDispatcherServlet\u003c/code\u003e)\u003c/li\u003e\u003cli\u003eThe application uses \u003ccode\u003erequestMatchers(String)\u003c/code\u003e\u0026nbsp;to refer to endpoints that are not Spring MVC endpoints\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eAn application is not vulnerable if any of the following is true:\u003c/p\u003e\u003cul\u003e\u003cli\u003eThe application does not have Spring MVC on the classpath\u003c/li\u003e\u003cli\u003eThe application secures no servlets other than Spring MVC\u2019s \u003ccode\u003eDispatcherServlet\u003c/code\u003e\u003c/li\u003e\u003cli\u003eThe application uses \u003ccode\u003erequestMatchers(String)\u003c/code\u003e\u0026nbsp;only for Spring MVC endpoints\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
}
],
"value": "Spring Security versions 5.8\u00a0prior to 5.8.5, 6.0\u00a0prior to 6.0.5,\u00a0and 6.1\u00a0prior to 6.1.2\u00a0could be susceptible to authorization rule misconfiguration if the application uses requestMatchers(String)\u00a0and multiple servlets, one of them being Spring MVC\u2019s DispatcherServlet.\u00a0(DispatcherServlet\u00a0is a Spring MVC component that maps HTTP endpoints to methods on @Controller-annotated classes.)\n\nSpecifically, an application is vulnerable when all of the following are true:\n\n * Spring MVC is on the classpath\n * Spring Security is securing more than one servlet in a single application (one of them being Spring MVC\u2019s DispatcherServlet)\n * The application uses requestMatchers(String)\u00a0to refer to endpoints that are not Spring MVC endpoints\n\n\nAn application is not vulnerable if any of the following is true:\n\n * The application does not have Spring MVC on the classpath\n * The application secures no servlets other than Spring MVC\u2019s DispatcherServlet\n * The application uses requestMatchers(String)\u00a0only for Spring MVC endpoints\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authorization rule misconfiguration",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-18T15:29:10.091Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://spring.io/security/cve-2023-34035"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2023-34035",
"datePublished": "2023-07-18T15:29:10.091Z",
"dateReserved": "2023-05-25T17:21:56.200Z",
"dateUpdated": "2024-10-25T15:47:50.802Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20862 (GCVE-0-2023-20862)
Vulnerability from nvd – Published: 2023-04-19 00:00 – Updated: 2025-02-05 15:47
VLAI?
Summary
In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3, the logout support does not properly clean the security context if using serialized versions. Additionally, it is not possible to explicitly save an empty security context to the HttpSessionSecurityContextRepository. This vulnerability can keep users authenticated even after they performed logout. Users of affected versions should apply the following mitigation. 5.7.x users should upgrade to 5.7.8. 5.8.x users should upgrade to 5.8.3. 6.0.x users should upgrade to 6.0.3.
Severity ?
6.3 (Medium)
CWE
- Empty SecurityContext Is Not Properly Saved Upon Logout
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Spring Security |
Affected:
Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:21:32.378Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://spring.io/security/cve-2023-20862"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230526-0002/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-20862",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T15:45:51.141064Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-459",
"description": "CWE-459 Incomplete Cleanup",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T15:47:05.524Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Spring Security",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3, the logout support does not properly clean the security context if using serialized versions. Additionally, it is not possible to explicitly save an empty security context to the HttpSessionSecurityContextRepository. This vulnerability can keep users authenticated even after they performed logout. Users of affected versions should apply the following mitigation. 5.7.x users should upgrade to 5.7.8. 5.8.x users should upgrade to 5.8.3. 6.0.x users should upgrade to 6.0.3."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Empty SecurityContext Is Not Properly Saved Upon Logout",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-26T00:00:00.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://spring.io/security/cve-2023-20862"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230526-0002/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2023-20862",
"datePublished": "2023-04-19T00:00:00.000Z",
"dateReserved": "2022-11-01T00:00:00.000Z",
"dateUpdated": "2025-02-05T15:47:05.524Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31690 (GCVE-0-2022-31690)
Vulnerability from nvd – Published: 2022-10-31 00:00 – Updated: 2025-05-08 18:47
VLAI?
Summary
Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client (via the browser) to the Authorization Server which can lead to a privilege escalation on the subsequent approval. This scenario can happen if the Authorization Server responds with an OAuth2 Access Token Response containing an empty scope list (per RFC 6749, Section 5.1) on the subsequent request to the token endpoint to obtain the access token.
Severity ?
8.1 (High)
CWE
- Privilege Escalation in spring-security-oauth2-client
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Spring Security |
Affected:
Spring Security (5.7 to 5.7.4 and 5.6 to 5.6.8 as well as older, unsupported versions)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.073Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://tanzu.vmware.com/security/cve-2022-31690"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20221215-0010/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-31690",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T18:42:47.671600Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T18:47:35.924Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Spring Security",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Spring Security (5.7 to 5.7.4 and 5.6 to 5.6.8 as well as older, unsupported versions)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client (via the browser) to the Authorization Server which can lead to a privilege escalation on the subsequent approval. This scenario can happen if the Authorization Server responds with an OAuth2 Access Token Response containing an empty scope list (per RFC 6749, Section 5.1) on the subsequent request to the token endpoint to obtain the access token."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege Escalation in spring-security-oauth2-client",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-15T00:00:00.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://tanzu.vmware.com/security/cve-2022-31690"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221215-0010/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-31690",
"datePublished": "2022-10-31T00:00:00.000Z",
"dateReserved": "2022-05-25T00:00:00.000Z",
"dateUpdated": "2025-05-08T18:47:35.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31692 (GCVE-0-2022-31692)
Vulnerability from nvd – Published: 2022-10-31 00:00 – Updated: 2025-05-06 15:53
VLAI?
Summary
Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: The application expects that Spring Security applies security to forward and include dispatcher types. The application uses the AuthorizationFilter either manually or via the authorizeHttpRequests() method. The application configures the FilterChainProxy to apply to forward and/or include requests (e.g. spring.security.filter.dispatcher-types = request, error, async, forward, include). The application may forward or include the request to a higher privilege-secured endpoint.The application configures Spring Security to apply to every dispatcher type via authorizeHttpRequests().shouldFilterAllDispatcherTypes(true)
Severity ?
9.8 (Critical)
CWE
- Spring is susceptible to authorization rules bypass via forward or include dispatcher types.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Spring by VMware |
Affected:
5.7 to 5.7.4, 5.6 to 5.6.8 and older versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.017Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://tanzu.vmware.com/security/cve-2022-31692"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20221215-0010/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-31692",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-06T15:52:10.845854Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-06T15:53:54.566Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Spring by VMware",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.7 to 5.7.4, 5.6 to 5.6.8 and older versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: The application expects that Spring Security applies security to forward and include dispatcher types. The application uses the AuthorizationFilter either manually or via the authorizeHttpRequests() method. The application configures the FilterChainProxy to apply to forward and/or include requests (e.g. spring.security.filter.dispatcher-types = request, error, async, forward, include). The application may forward or include the request to a higher privilege-secured endpoint.The application configures Spring Security to apply to every dispatcher type via authorizeHttpRequests().shouldFilterAllDispatcherTypes(true)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spring is susceptible to authorization rules bypass via forward or include dispatcher types.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-15T00:00:00.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://tanzu.vmware.com/security/cve-2022-31692"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221215-0010/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-31692",
"datePublished": "2022-10-31T00:00:00.000Z",
"dateReserved": "2022-05-25T00:00:00.000Z",
"dateUpdated": "2025-05-06T15:53:54.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22976 (GCVE-0-2022-22976)
Vulnerability from nvd – Published: 2022-05-19 14:50 – Updated: 2024-08-03 03:28
VLAI?
Summary
Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE.
Severity ?
No CVSS data available.
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Spring Security |
Affected:
Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:42.454Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://tanzu.vmware.com/security/cve-2022-22976"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220707-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spring Security",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T16:47:52",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://tanzu.vmware.com/security/cve-2022-22976"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220707-0003/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2022-22976",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spring Security",
"version": {
"version_data": [
{
"version_value": "Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190: Integer Overflow or Wraparound"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tanzu.vmware.com/security/cve-2022-22976",
"refsource": "MISC",
"url": "https://tanzu.vmware.com/security/cve-2022-22976"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220707-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220707-0003/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-22976",
"datePublished": "2022-05-19T14:50:46",
"dateReserved": "2022-01-10T00:00:00",
"dateUpdated": "2024-08-03T03:28:42.454Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22978 (GCVE-0-2022-22978)
Vulnerability from nvd – Published: 2022-05-19 00:00 – Updated: 2024-08-03 03:28
VLAI?
Summary
In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.
Severity ?
No CVSS data available.
CWE
- CWE-863 - improper authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Spring Security |
Affected:
Spring security versions 5.4.x prior to 5.4.11+,5.5.x prior to 5.5.7+,5.6.x prior to 5.6.4+ and all earlier unsupported versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:42.507Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://spring.io/security/cve-2022-22978"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spring Security",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Spring security versions 5.4.x prior to 5.4.11+,5.5.x prior to 5.5.7+,5.6.x prior to 5.6.4+ and all earlier unsupported versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863- improper authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-11T00:00:00",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://spring.io/security/cve-2022-22978"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-22978",
"datePublished": "2022-05-19T00:00:00",
"dateReserved": "2022-01-10T00:00:00",
"dateUpdated": "2024-08-03T03:28:42.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}