CVE-2024-22258 CVE-2024-22258: PKCE Downgrade in Spring Authorization Server

🗓️ 20 Mar 2024 03:58:13Reported by vmwareType

Spring Authorization Server PKCE Downgrade CV

Reporter	Title	Published	Views	Family All 16
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Network Automation 2.7.5 addresses multiple security vulnerabilities.	3 Feb 202523:04	–	ibm
CNNVD	Spring Authorization Server Security Vulnerability	20 Mar 202400:00	–	cnnvd
CVE	CVE-2024-22258	20 Mar 202403:58	–	cve
EUVD	EUVD-2024-1035	3 Oct 202520:07	–	euvd
Github Security Blog	Improper Authentication in Spring Authorization Server	20 Mar 202415:32	–	github
NVD	CVE-2024-22258	20 Mar 202404:15	–	nvd
OSV	GHSA-X637-X8P3-5P22 Improper Authentication in Spring Authorization Server	20 Mar 202415:32	–	osv
OSV	UBUNTU-CVE-2024-22258	20 Mar 202404:15	–	osv
Positive Technologies	PT-2024-19292 · Spring · Spring Authorization Server	19 Mar 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-22258	23 May 202509:54	–	redhatcve

[
  {
    "defaultStatus": "affected",
    "packageName": "Spring Authorization Server",
    "product": "Spring",
    "vendor": "Spring",
    "versions": [
      {
        "lessThan": "1.0.6",
        "status": "affected",
        "version": "1.0.x",
        "versionType": "enterprise support only"
      },
      {
        "lessThan": "1.1.6",
        "status": "affected",
        "version": "1.1.x",
        "versionType": "oss"
      },
      {
        "lessThan": "1.2.3",
        "status": "affected",
        "version": "1.2.x\t",
        "versionType": "oss"
      }
    ]
  }
]

Source	Link
spring	www.spring.io/security/cve-2024-22258

20 Mar 2024 03:58Current

6.5Medium risk

Vulners AI Score6.5

CVSS 3.16.1

EPSS0.00093