49 matches found

Spring Security Advisories
added 2024/06/25 12:00 a.m., 18 views

This Week in Spring - June 25th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! As I write this I'm in beautiful Amsterdam, having visited with customers and spoken at a local Java User Group. Now I'm off to lovely London, UK. Last week I was in Krakow, Poland, for the amazing Devoxx PL event, and in Par...

AI score: 7.1
Exploits: 0
Spring Security Advisories
added 2024/04/24 12:00 a.m., 11 views

This Week in Spring - Tuesday, April 23rd, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! We've had a really busy, wonderful week, as always, so let's dive right into it! We want you! ...to submit a talk to SpringOne 2024, in sunny Las Vegas! Hurry, the CFP closes May 3rd! Spring Shell 3.1.11, 3.2.4, and 3.3.0-m1...

AI score: 7.1
Exploits: 0
OSV
added 2024/03/20 3:32 p.m., 3 views

GHSA-X637-X8P3-5P22 Improper Authentication in Spring Authorization Server

Spring Authorization Server versions 1.0.0 - 1.0.5, 1.1.0 - 1.1.5, 1.2.0 - 1.2.2 and older unsupported versions are susceptible to a PKCE Downgrade Attack for Confidential Clients. Specifically, an application is vulnerable when a Confidential Client uses PKCE for the Authorization Code Grant. An...

CVSS: 6.1, AI score: 5.9, EPSS: 0.00522
Exploits: 0, References: 4
Github Security Blog
added 2024/03/20 3:32 p.m., 32 views

Improper Authentication in Spring Authorization Server

Spring Authorization Server versions 1.0.0 - 1.0.5, 1.1.0 - 1.1.5, 1.2.0 - 1.2.2 and older unsupported versions are susceptible to a PKCE Downgrade Attack for Confidential Clients. Specifically, an application is vulnerable when a Confidential Client uses PKCE for the Authorization Code Grant. An...

CVSS: 6.1, AI score: 7.2, EPSS: 0.00522
Exploits: 0, References: 4, Affected Software: 1
NVD
added 2024/03/20 4:15 a.m., 32 views

CVE-2024-22258

Spring Authorization Server versions 1.0.0 - 1.0.5, 1.1.0 - 1.1.5, 1.2.0 - 1.2.2 and older unsupported versions are susceptible to a PKCE Downgrade Attack for Confidential Clients. Specifically, an application is vulnerable when a Confidential Client uses PKCE for the Authorization Code Grant. An...

CVSS: 6.1, AI score: 6.3, EPSS: 0.00522
Exploits: 0, References: 1
UbuntuCve
added 2024/03/20 4:15 a.m., 23 views

CVE-2024-22258

Spring Authorization Server versions 1.0.0 - 1.0.5, 1.1.0 - 1.1.5, 1.2.0 - 1.2.2 and older unsupported versions are susceptible to a PKCE Downgrade Attack for Confidential Clients. Specifically, an application is vulnerable when a Confidential Client uses PKCE for the Authorization Code Grant. An...

CVSS: 6.1, AI score: 6.4, EPSS: 0.00522
Exploits: 0, References: 2
OSV
added 2024/03/20 4:15 a.m., 2 views

UBUNTU-CVE-2024-22258

Spring Authorization Server versions 1.0.0 - 1.0.5, 1.1.0 - 1.1.5, 1.2.0 - 1.2.2 and older unsupported versions are susceptible to a PKCE Downgrade Attack for Confidential Clients. Specifically, an application is vulnerable when a Confidential Client uses PKCE for the Authorization Code Grant. An...

CVSS: 6.1, AI score: 5.8, EPSS: 0.00522
Exploits: 0, References: 3
Vulnrichment
added 2024/03/20 3:58 a.m., 20 views

CVE-2024-22258: PKCE Downgrade in Spring Authorization Server

Spring Authorization Server versions 1.0.0 - 1.0.5, 1.1.0 - 1.1.5, 1.2.0 - 1.2.2 and older unsupported versions are susceptible to a PKCE Downgrade Attack for Confidential Clients. Specifically, an application is vulnerable when a Confidential Client uses PKCE for the Authorization Code Grant. An...

CVSS: 6.1, AI score: 6.9, EPSS: 0.00522
Exploits: 0, References: 1
Cvelist
added 2024/03/20 3:58 a.m., 36 views

CVE-2024-22258: PKCE Downgrade in Spring Authorization Server

Spring Authorization Server versions 1.0.0 - 1.0.5, 1.1.0 - 1.1.5, 1.2.0 - 1.2.2 and older unsupported versions are susceptible to a PKCE Downgrade Attack for Confidential Clients. Specifically, an application is vulnerable when a Confidential Client uses PKCE for the Authorization Code Grant. An...

CVSS: 6.1, AI score: 6.5, EPSS: 0.00522
Exploits: 0, References: 1
CNNVD
added 2024/03/20 12:00 a.m., 5 views

Spring Authorization Server Security Vulnerability

VMware Spring Authorization Server is a framework for building secure OAuth 2.0 and OpenID Connect 1.0 authorization servers from VMware. A security vulnerability exists in Spring Authorization Server that stems from the vulnerability of an application to a PKCE downgrade attack when the PKCE...

CVSS: 6.1, AI score: 6.9, EPSS: 0.00522
Exploits: 0, References: 2
Positive Technologies
added 2024/03/19 12:00 a.m., 4 views

PT-2024-19292

Name of the Vulnerable Software and Affected Versions Spring Authorization Server versions 1.0.0 through 1.0.5 Spring Authorization Server versions 1.1.0 through 1.1.5 Spring Authorization Server versions 1.2.0 through 1.2.2 Spring Authorization Server older unsupported versions Description The...

CVSS: 6.1, AI score: 6.4, EPSS: 0.00522
Exploits: 0, References: 12
Spring Security Advisories
added 2024/03/19 12:00 a.m., 30 views

Token Exchange support in Spring Security 6.3.0-M3

I'm excited to share that there will be support for the OAuth 2.0 Token Exchange Grant RFC 8693 in Spring Security 6.3, which is available for preview now in the latest milestone 6.3.0-M3. This support provides the ability to use Token Exchange with OAuth2 Client. Similarly, server-side suppo...

AI score: 6.7
Exploits: 0
Spring Security Advisories
added 2024/03/06 12:00 a.m., 10 views

Spring Tips: the Spring Authorization Server: durability of data

Hi, Spring fans! In this installment, we continue our look at the venerable Spring Authorization Server, this time looking at how to configure persistence and durability for various aspects of the system...

AI score: 7.2
Exploits: 0
Spring Security Advisories
added 2024/03/05 12:00 a.m., 19 views

This Week in Spring - March 5th, 2024

Hi, Spring fans! Welcome to another exciting roundup of This Week in Spring! I expect many of you are reading this for the first time, especially with Facebook and Instagram being down. People have been exploring all the other lesser-known corners of the web, looking for their daily "doom scroll....

AI score: 7.1
Exploits: 0
Spring Security Advisories
added 2024/02/28 12:00 a.m., 29 views

This Week in Spring - February 27th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring, wherein we explore the latest-and-greatest in the wonderful world of Springdom. This week's going to be a very good one, so let's dive right into it! Good news, everyone! Spring Boot's been updated! 3.3.0-M2, 3.2.3, and 3.1.9 a...

AI score: 7
Exploits: 0
Spring Security Advisories
added 2024/02/28 12:00 a.m., 9 views

Spring Tips: the Spring Authorization Server: securing SPAs and messaging flows

Hi, Spring fans! In this installment, we continue our look at the venerable Spring Authorization Server, this time looking at how to extend its use beyond just HTTP APIs, to secure single page applications and messaging flows with OAuth...

AI score: 7.2
Exploits: 0
Spring Security Advisories
added 2024/02/08 12:00 a.m., 14 views

Spring Tips: Spring Boot Testjars

Hi, Spring fans! In this installment we look at the brand new Spring Boot Testjars project, which greatly simplifies standing up and reusing satellite Java-based services like other Spring Boot-based microservices or infrastructure like the Spring Authorization Server. springboot java java21...

AI score: 7.2
Exploits: 0
Spring Security Advisories
added 2023/08/29 12:00 a.m., 13 views

This Week in Spring - August 29th, 2023 - the post SpringOne recovery blog

Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm exhausted. Seriously. Last week was mental. If you need me, I'll be over sipping on a tea... But, before that, there's a ton of things to cover from this last week, as always, and there's no rest for the curious, so let's...

AI score: 6.7
Exploits: 0
Spring Security Advisories
added 2023/08/23 12:00 a.m., 21 views

This Week in Spring - August 22, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! And, would you believe it, I'm writing this at SpringOne 2023, in sunny Las Vegas, Nevada. This is the first in-person SpringOne since 2019, and I'm so, so, so glad to be here! We've got a ton of things to get into this week,...

AI score: 6.7
Exploits: 0
Spring Security Advisories
added 2023/06/06 12:00 a.m., 14 views

This Week in Spring - June 6th, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! And what an insane week it's been! Long story short, I've spent 10-12 hours a day over the last five days migrating a dozen different applications and services from one GKE cluster to another, taking the time to update things...

AI score: 6.8
Exploits: 0