Lucene search

K
openvasCopyright (C) 2023 Greenbone AGOPENVAS:1361412562310104648
HistoryMar 21, 2023 - 12:00 a.m.

VMware Spring Framework 5.3.x < 5.3.26, 6.0.x < 6.0.7 Security Bypass Vulnerability - Linux

2023-03-2100:00:00
Copyright (C) 2023 Greenbone AG
plugins.openvas.org
12
vmware spring framework
security bypass
vulnerability
linux
update

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

47.2%

The VMware Spring Framework is prone to a security bypass
vulnerability.

# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-or-later

CPE = "cpe:/a:vmware:spring_framework";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.104648");
  script_version("2023-10-13T05:06:10+0000");
  script_tag(name:"last_modification", value:"2023-10-13 05:06:10 +0000 (Fri, 13 Oct 2023)");
  script_tag(name:"creation_date", value:"2023-03-21 12:09:06 +0000 (Tue, 21 Mar 2023)");
  script_tag(name:"cvss_base", value:"7.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:C/A:N");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2023-04-03 18:20:00 +0000 (Mon, 03 Apr 2023)");

  script_cve_id("CVE-2023-20860");

  script_name("VMware Spring Framework 5.3.x < 5.3.26, 6.0.x < 6.0.7 Security Bypass Vulnerability - Linux");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2023 Greenbone AG");
  script_family("Web application abuses");
  script_dependencies("gb_vmware_spring_framework_consolidation.nasl", "os_detection.nasl");
  script_mandatory_keys("vmware/spring/framework/detected", "Host/runs_unixoide");

  script_xref(name:"URL", value:"https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861");
  script_xref(name:"URL", value:"https://spring.io/security/cve-2023-20860");

  script_tag(name:"summary", value:"The VMware Spring Framework is prone to a security bypass
  vulnerability.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"Using '**' as a pattern in Spring Security configuration with
  the 'mvcRequestMatcher' creates a mismatch in pattern matching between Spring Security and Spring
  MVC, and the potential for a security bypass.");

  script_tag(name:"affected", value:"VMware Spring Framework versions 5.3.x prior to 5.3.26 and
  6.0.x prior to 6.0.7. Versions older than 5.3 are not affected.");

  script_tag(name:"solution", value:"Update to version 5.3.26, 6.0.7 or later.");

  script_tag(name:"qod_type", value:"executable_version_unreliable");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if( isnull( port = get_app_port( cpe:CPE ) ) )
  exit( 0 );

if( ! infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) )
  exit( 0 );

version = infos["version"];
location = infos["location"];

if( version_in_range_exclusive( version:version, test_version_lo:"5.3.0", test_version_up:"5.3.26" ) ) {
  report = report_fixed_ver( installed_version:version, fixed_version:"5.3.26/6.0.7", install_path:location );
  security_message( port:port, data:report );
  exit( 0 );
}

if( version_in_range_exclusive( version:version, test_version_lo:"6.0.0", test_version_up:"6.0.7" ) ) {
  report = report_fixed_ver( installed_version:version, fixed_version:"6.0.7", install_path:location );
  security_message( port:port, data:report );
  exit( 0 );
}

exit( 99 );

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

47.2%