ghsa-gq28-h5vg-8prx
Vulnerability from github
Published
2021-05-10 15:22
Modified
2021-08-31 21:18
Severity ?
Summary
Privilege escalation in spring security
Details
Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application.
{ "affected": [ { "package": { "ecosystem": "Maven", "name": "org.springframework.security:spring-security-bom" }, "ranges": [ { "events": [ { "introduced": "5.4.0" }, { "fixed": "5.4.4" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "Maven", "name": "org.springframework.security:spring-security-bom" }, "ranges": [ { "events": [ { "introduced": "5.3.0" }, { "fixed": "5.3.8" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "Maven", "name": "org.springframework.security:spring-security-bom" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "5.2.9" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "Maven", "name": "org.springframework.security:spring-security-web" }, "ranges": [ { "events": [ { "introduced": "5.4.0" }, { "fixed": "5.4.4" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "Maven", "name": "org.springframework.security:spring-security-web" }, "ranges": [ { "events": [ { "introduced": "5.3.0" }, { "fixed": "5.3.8" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "Maven", "name": "org.springframework.security:spring-security-web" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "5.2.9" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2021-22112" ], "database_specific": { "cwe_ids": [ "CWE-269" ], "github_reviewed": true, "github_reviewed_at": "2021-03-31T23:12:05Z", "nvd_published_at": "2021-02-23T19:15:00Z", "severity": "HIGH" }, "details": "Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application\u0027s intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application.", "id": "GHSA-gq28-h5vg-8prx", "modified": "2021-08-31T21:18:55Z", "published": "2021-05-10T15:22:39Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22112" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "type": "WEB", "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "type": "WEB", "url": "https://www.jenkins.io/security/advisory/2021-02-19" }, { "type": "WEB", "url": "https://tanzu.vmware.com/security/cve-2021-22112" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/redbd004a503b3520ae5746c2ab5e93fd7da807a8c128e60d2002cd9b@%3Cissues.nifi.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/ra6389b1b82108a3b6bbcd22979f7665fd437c2a3408c9509a15a9ca1@%3Cpluto-dev.portals.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/ra53677224fe4f04c2599abc88032076faa18dc84b329cdeba85d4cfc@%3Cpluto-scm.portals.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r89aa1b48a827f5641310305214547f1d6b2101971a49b624737c497f@%3Cpluto-dev.portals.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r413e380088c427f56102968df89ef2f336473e1b56b7d4b3a571a378@%3Cpluto-dev.portals.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r390783b3b1c59b978131ac08390bf77fbb3863270cbde59d5b0f5fde@%3Cpluto-dev.portals.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r3868207b967f926819fe3aa8d33f1666429be589bb4a62104a49f4e3@%3Cpluto-dev.portals.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r37423ec7eea340e92a409452c35b649dce02fdc467f0b3f52086c177@%3Cpluto-dev.portals.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r2cb05e499807900ba23e539643eead9c5f0652fd271f223f89da1804@%3Cpluto-scm.portals.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r163b3e4e39803882f5be05ee8606b2b9812920e196daa2a82997ce14@%3Cpluto-dev.portals.apache.org%3E" }, { "type": "WEB", "url": "https://github.com/spring-projects/spring-security/releases/tag/5.4.4" }, { "type": "PACKAGE", "url": "https://github.com/spring-projects/spring-security" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2021/02/19/7" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ], "summary": "Privilege escalation in spring security" }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.