Lucene search

Privilege escalation in spring security

🗓️ 10 May 2021 15:39:22Reported by GitHub Advisory DatabaseType

Privilege escalation issue in Spring Security 5.x version

Reporter	Title	Published	Views	Family All 18
Tenable Nessus	FreeBSD : jenkins -- Privilege escalation vulnerability in bundled Spring Security library (a45d945a-cc2c-4cd7-a941-fb58fdb1b01e)	22 Feb 202100:00	–	nessus
Tenable Nessus	Jenkins weekly < 2.280 Privilege Escalation	9 Apr 202100:00	–	nessus
Tenable Nessus	Oracle MySQL Enterprise Monitor (Oct 2021 CPU)	20 Oct 202100:00	–	nessus
CVE	CVE-2021-22112	23 Feb 202119:15	–	cve
Veracode	Privilege Escalation	6 Apr 202103:21	–	veracode
Prion	Authentication flaw	23 Feb 202119:15	–	prion
OSV	CVE-2021-22112	23 Feb 202119:15	–	osv
OSV	Privilege escalation in spring security	10 May 202115:22	–	osv
RedhatCVE	CVE-2021-22112	22 Feb 202121:18	–	redhatcve
Cvelist	CVE-2021-22112	23 Feb 202118:48	–	cvelist

Vulners

Node

org.springframework.security spring\-security\-webRange5.3.0–5.3.8

org.springframework.security spring\-security\-webRange5.4.0–5.4.4

org.springframework.security spring\-security\-bomRange<5.2.9

org.springframework.security spring\-security\-bomRange5.3.0–5.3.8

org.springframework.security spring\-security\-bomRange5.4.0–5.4.4

org.springframework.security spring\-security\-webRange<5.2.9

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2021-22112
github	www.github.com/spring-projects/spring-security/releases/tag/5.4.4
tanzu	www.tanzu.vmware.com/security/cve-2021-22112
jenkins	www.jenkins.io/security/advisory/2021-02-19/
openwall	www.openwall.com/lists/oss-security/2021/02/19/7
lists	www.lists.apache.org/thread.html/redbd004a503b3520ae5746c2ab5e93fd7da807a8c128e60d2002cd9b@%3Cissues.nifi.apache.org%3E
oracle	www.oracle.com/security-alerts/cpuApr2021.html
lists	www.lists.apache.org/thread.html/r2cb05e499807900ba23e539643eead9c5f0652fd271f223f89da1804@%3Cpluto-scm.portals.apache.org%3E
lists	www.lists.apache.org/thread.html/r37423ec7eea340e92a409452c35b649dce02fdc467f0b3f52086c177@%3Cpluto-dev.portals.apache.org%3E
lists	www.lists.apache.org/thread.html/ra6389b1b82108a3b6bbcd22979f7665fd437c2a3408c9509a15a9ca1@%3Cpluto-dev.portals.apache.org%3E

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

10 May 2021 15:22Current

3Low risk

Vulners AI Score3

CVSS29

CVSS38.8

EPSS0.00267

CWE-269