ghsa-w3w6-26f2-p474
Vulnerability from github
Published
2024-02-20 09:30
Modified
2024-03-15 12:30
Severity
HIGH (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
Summary
Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated
Details
In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticated(Authentication) method.
Specifically, an application is vulnerable if:
- The application uses AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly and a null authentication parameter is passed to it resulting in an erroneous true return value.
An application is not vulnerable if any of the following is true:
- The application does not use AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly.
- The application does not pass null to AuthenticationTrustResolver.isFullyAuthenticated(Authentication).
- The application only uses isFullyAuthenticated via Method Security (https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html) or HTTP Request Security (https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html).
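The pattern the advisory warns about, as an added example that is not code from the advisory or from Spring Security itself. It assumes spring-security-core on the classpath; the helper class, its method names and the "sensitive data" check are hypothetical. The vulnerable helper hands whatever is in the SecurityContext (possibly null, when no authentication was ever set for the request) straight to the resolver; the hardened helper treats a missing Authentication as not authenticated before the resolver is consulted, which is correct on every version. The startup self-check is an assumption-free way to detect an affected dependency at runtime: on affected versions the resolver's default isFullyAuthenticated(null) is true, on fixed versions it is false.

```java
// Added example, not from the advisory or the Spring Security project.
// Assumes spring-security-core (6.x) on the classpath. The class, its
// method names and the "sensitive data" decision are hypothetical.
package example;

import org.springframework.security.authentication.AuthenticationTrustResolver;
import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

public class FullyAuthenticatedCheck {

    private final AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();

    // Vulnerable pattern (6.1.0-6.1.6, 6.2.0-6.2.1): the Authentication taken
    // from the SecurityContext can be null when nothing authenticated the
    // request. Passing that null directly to isFullyAuthenticated yields an
    // erroneous true on affected versions, so this method grants access.
    public boolean canAccessSensitiveDataVulnerable() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        return trustResolver.isFullyAuthenticated(authentication);
    }

    // Hardened pattern: never hand null to the resolver. A missing or
    // unauthenticated Authentication is a deny, whatever the library version.
    public boolean canAccessSensitiveData() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null || !authentication.isAuthenticated()) {
            return false;
        }
        return trustResolver.isFullyAuthenticated(authentication);
    }

    // Startup self-check (hypothetical guard): fail fast if the resolver in use
    // still returns true for a null Authentication, i.e. the dependency is an
    // affected version and has not been upgraded to 6.1.7 / 6.2.2 or later.
    public static void assertResolverRejectsNull(AuthenticationTrustResolver resolver) {
        if (resolver.isFullyAuthenticated(null)) {
            throw new IllegalStateException(
                "AuthenticationTrustResolver.isFullyAuthenticated(null) returned true; "
                + "spring-security-core is affected by CVE-2024-22234, upgrade it");
        }
    }

    public static void main(String[] args) {
        FullyAuthenticatedCheck check = new FullyAuthenticatedCheck();

        // Simulate a request for which no Authentication was ever set.
        SecurityContextHolder.clearContext();
        System.out.println("vulnerable helper, null Authentication -> "
            + check.canAccessSensitiveDataVulnerable());
        System.out.println("hardened helper,   null Authentication -> "
            + check.canAccessSensitiveData());

        // Detect an affected dependency at startup instead of at exploitation time.
        assertResolverRejectsNull(new AuthenticationTrustResolverImpl());
        System.out.println("resolver rejects null Authentication: dependency is not affected");
    }
}
```

With an affected spring-security-core, the vulnerable helper returns true for the null Authentication and the self-check throws; after upgrading to 6.1.7 or 6.2.2 both helpers return false and the self-check passes. The upgrade is still the real fix: the hardened helper only protects the call sites you wrote, while the framework's own Method Security and HTTP Request Security paths (the `fullyAuthenticated()` rules) were never affected because they do not pass null to the resolver.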
{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework.security:spring-security-core"
      },
      "ranges": [
        {
          "events": [
            { "introduced": "6.1.0" },
            { "fixed": "6.1.7" }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework.security:spring-security-core"
      },
      "ranges": [
        {
          "events": [
            { "introduced": "6.2.0" },
            { "fixed": "6.2.2" }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [ "CVE-2024-22234" ],
  "database_specific": {
    "cwe_ids": [ "CWE-284" ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-21T00:17:30Z",
    "nvd_published_at": "2024-02-20T07:15:09Z",
    "severity": "HIGH"
  },
  "details": "In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u00a0method.\n\nSpecifically, an application is vulnerable if:\n\n * The application uses AuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u00a0directly and a null\u00a0authentication parameter is passed to it resulting in an erroneous true\u00a0return value.\n\n\nAn application is not vulnerable if any of the following is true:\n\n * The application does not use AuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u00a0directly.\n * The application does not pass null\u00a0to AuthenticationTrustResolver.isFullyAuthenticated\n * The application only uses isFullyAuthenticated\u00a0via Method Security https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html \u00a0or HTTP Request Security https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html \n\n\n\n",
  "id": "GHSA-w3w6-26f2-p474",
  "modified": "2024-03-15T12:30:36Z",
  "published": "2024-02-20T09:30:30Z",
  "references": [
    { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22234" },
    { "type": "WEB", "url": "https://github.com/spring-projects/spring-security/commit/750cb30ce44d279c2f54c845d375e6a58bded569" },
    { "type": "PACKAGE", "url": "https://github.com/spring-projects/spring-security" },
    { "type": "WEB", "url": "https://security.netapp.com/advisory/ntap-20240315-0003" },
    { "type": "WEB", "url": "https://spring.io/security/cve-2024-22234" }
  ],
  "schema_version": "1.4.0",
  "severity": [
    { "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "type": "CVSS_V3" }
  ],
  "summary": "Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated"
}
Sightings
Author | Source | Type | Date
--- | --- | --- | ---
(no sightings recorded)
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.