11 matches found
CVE-2022-22969
Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client application. A malicious user or attacker can send multiple requests initiating the...
Security Bulletin: Spring Security OAuth Affects IBM Partner Engagement Manager (CVE-2022-22969)
Summary: IBM Sterling Partner Engagement Manager uses Spring Security OAuth that is vulnerable to a denial of service, caused by initiation of the Authorization Request in an OAuth 2.0 Client application. By sending multiple specially-crafted requests, a remote attacker could exploit this...
com.atlassian.connect:atlassian-connect-spring-boot-api (>=2.0.2 <=2.0.7), com.atlassian.connect:atlassian-connect-spring-boot-core (>=2.0.2 <=2.0.7) +34 more potentially affected by CVE-2022-22969 via org.springframework.security.oauth:spring-security-oauth2 (>=2.4.0.RELEASE <=2.4.1.RELEASE)
org.springframework.security.oauth:spring-security-oauth2 MAVEN version =2.4.0.RELEASE, =2.0.2, =2.0.2, =2.0.2, =2.0.2, =0.0.5, =0.0.5, =0.0.5, =5.0.0, =5.0.0, =4.59.5, =1.0.10.RELEASE, =1.0.10.RELEASE, =1.0.10.RELEASE, =1.73.8, =1.106.2 and more Source cves: CVE-2022-22969 Source advisory:...
cn.infrabase:infrabase-platform-passport (=0.0.1), cn.itlym:shoulder-starter-auth-server (=0.6) +263 more potentially affected by CVE-2022-22969 via org.springframework.security.oauth:spring-security-oauth2 (>=2.5.0.RELEASE <=2.5.1.RELEASE)
org.springframework.security.oauth:spring-security-oauth2 MAVEN version =2.5.0.RELEASE, =1.1.0, =1.1.0, =1.129.9, =2.1.0, =2.1.0, =2.1.0, =2.1.0, =3.2.1.RELEASE, =5.0.0, =1.4.11, =1.4.11, =1.5.7 and more Source cves: CVE-2022-22969 Source advisory: OSV:GHSA-C2CP-3XJ9-97W9...
CVE-2022-22969
creationtimestamp| type| source
---|---|---
2022-04-21 22:27:17+00:00| seen| https://t.me/cibsecurity/41259
2024-02-08 18:42:06+00:00| seen| https://t.me/ctinow/181538...
CVE-2022-22969
CVE-2022-22969 affects Spring Security OAuth (spring-security-oauth2) 2.5.x before 2.5.2 and older unsupported releases. The DoS arises when an attacker initiates multiple OAuth 2.0 Authorization Code Grant authorization requests in a client application, exhausting resources per session. Affected...
Concrete CMS < 8.5.7 Multiple Vulnerabilities
Concrete CMS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:concretecms:concretecms"; if...
CVE-2021-22969
creationtimestamp| type| source
---|---|---
2021-11-19 22:17:06+00:00| seen| https://t.me/cibsecurity/32734...
CVE-2021-22969
Concrete CMS (formerly concrete5) versions below 8.5.7 have an SSRF mitigation bypass using a DNS Rebind attack, giving an attacker the ability to fetch cloud IAAS (ex AWS) IAM keys. To fix this, Concrete CMS no longer allows downloads from the local network and specifies the validated IP when downloading...
CVE-2021-22969
Concrete CMS (formerly concrete5) versions below 8.5.7 have an SSRF mitigation bypass using a DNS Rebind attack, giving an attacker the ability to fetch cloud IAAS (ex AWS) IAM keys. To fix this, Concrete CMS no longer allows downloads from the local network and specifies the validated IP when downloading...
CVE-2021-22969
CVE-2021-22969 affects Concrete CMS (formerly concrete5) versions below 8.5.7. The vulnerability is a Server-Side Request Forgery (SSRF) mitigation bypass via a DNS Rebind attack, enabling an attacker to access cloud IAM keys (e.g., AWS) by fetching credentials. The root cause is SSRF mitigation ...