GSD-2018-15801
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation. In order to be impacted, the same private key for an honest issuer and a malicious user must be used when signing JWTs. In that case, a malicious user could fashion signed JWTs with the malicious issuer URL that may be granted for the honest issuer.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-15801",
"description": "Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation. In order to be impacted, the same private key for an honest issuer and a malicious user must be used when signing JWTs. In that case, a malicious user could fashion signed JWTs with the malicious issuer URL that may be granted for the honest issuer.",
"id": "GSD-2018-15801"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-15801"
],
"details": "Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation. In order to be impacted, the same private key for an honest issuer and a malicious user must be used when signing JWTs. In that case, a malicious user could fashion signed JWTs with the malicious issuer URL that may be granted for the honest issuer.",
"id": "GSD-2018-15801",
"modified": "2023-12-13T01:22:23.469965Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-12-18T00:00:00.000Z",
"ID": "CVE-2018-15801",
"STATE": "PUBLIC",
"TITLE": "Authorization Bypass During JWT Issuer Validation with spring-security"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spring Security",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_name": "5.1.x",
"version_value": "5.1.2"
}
]
}
}
]
},
"vendor_name": "Spring by Pivotal"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation. In order to be impacted, the same private key for an honest issuer and a malicious user must be used when signing JWTs. In that case, a malicious user could fashion signed JWTs with the malicious issuer URL that may be granted for the honest issuer."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Business Logic Errors"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2018-15801",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2018-15801"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "[5.1.0,5.1.2)",
"affected_versions": "All versions starting from 5.1.0 before 5.1.2",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"cvss_v3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-345",
"CWE-937"
],
"date": "2021-08-30",
"description": "Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation. In order to be impacted, the same private key for an honest issuer and a malicious user must be used when signing JWTs. In that case, a malicious user could fashion signed JWTs with the malicious issuer URL that may be granted for the honest issuer.",
"fixed_versions": [
"5.1.2"
],
"identifier": "CVE-2018-15801",
"identifiers": [
"GHSA-27xw-p8v6-9jjr",
"CVE-2018-15801"
],
"not_impacted": "All versions before 5.1.0, all versions starting from 5.1.2",
"package_slug": "maven/org.springframework.security/spring-security-core",
"pubdate": "2018-12-20",
"solution": "Upgrade to version 5.1.2 or above.",
"title": "Insufficient Verification of Data Authenticity",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2018-15801",
"https://github.com/advisories/GHSA-27xw-p8v6-9jjr",
"https://pivotal.io/security/cve-2018-15801"
],
"uuid": "04359268-3680-42da-8218-ab7d1a2f59cf"
},
{
"affected_range": "[5.1.0.RELEASE,5.1.2.RELEASE)",
"affected_versions": "All versions starting from 5.1.0.RELEASE before 5.1.2.RELEASE",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"cvss_v3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-345",
"CWE-937"
],
"date": "2019-10-09",
"description": "Spring Security contains an authorization bypass vulnerability during JWT issuer validation. In order to be impacted, the same private key for an honest issuer and a malicious user must be used when signing JWTs.",
"fixed_versions": [
"5.1.2.RELEASE"
],
"identifier": "CVE-2018-15801",
"identifiers": [
"CVE-2018-15801"
],
"not_impacted": "All versions before 5.1.0.RELEASE, all versions starting from 5.1.2.RELEASE",
"package_slug": "maven/org.springframework.security/spring-security-oauth2-jose",
"pubdate": "2018-12-19",
"solution": "Upgrade to version 5.1.2.RELEASE or above.",
"title": "Insufficient Verification of Data Authenticity",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2018-15801",
"https://pivotal.io/security/cve-2018-15801"
],
"uuid": "21468186-ec7e-4562-af17-b5d741362e31"
},
{
"affected_range": "[5.1.0,5.1.2)",
"affected_versions": "All versions starting from 5.1.0 before 5.1.2",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"cvss_v3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-345",
"CWE-937"
],
"date": "2019-10-09",
"description": "Spring Security contains an authorization bypass vulnerability during JWT issuer validation. In order to be impacted, the same private key for an honest issuer and a malicious user must be used when signing JWTs. In that case, a malicious user could fashion signed JWTs with the malicious issuer URL that may be granted for the honest issuer.",
"fixed_versions": [
"5.1.2.RELEASE"
],
"identifier": "CVE-2018-15801",
"identifiers": [
"CVE-2018-15801"
],
"not_impacted": "All versions before 5.1.0, all versions starting from 5.1.2",
"package_slug": "maven/org.springframework/spring-webmvc",
"pubdate": "2018-12-19",
"solution": "Upgrade to version 5.1.2.RELEASE or above.",
"title": "Insufficient Verification of Data Authenticity",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2018-15801",
"https://pivotal.io/security/cve-2018-15801"
],
"uuid": "3cc014f2-0591-4d1f-9b61-c4007313d82a"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.1.2",
"versionStartIncluding": "5.1.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"ID": "CVE-2018-15801"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation. In order to be impacted, the same private key for an honest issuer and a malicious user must be used when signing JWTs. In that case, a malicious user could fashion signed JWTs with the malicious issuer URL that may be granted for the honest issuer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-345"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2018-15801",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://pivotal.io/security/cve-2018-15801"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2
}
},
"lastModifiedDate": "2022-06-03T15:28Z",
"publishedDate": "2018-12-19T22:29Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…