1189 matches found
GHSA-MMF6-6597-3V6M Open Redirect in Spring Security OAuth
Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, 2.1 prior to 2.1.5, and 2.0 prior to 2.0.18, as well as older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to the...
uk.ac.ox.it.lti:lti-launch (>=1.5.0 <=1.6.0) potentially affected by CVE-2019-11269 via org.springframework.security.oauth:spring-security-oauth (=2.3.5.RELEASE)
org.springframework.security.oauth:spring-security-oauth MAVEN version =2.3.5.RELEASE is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.security.oauth:spring-security-oauth and may be impacted: - uk.ac.ox.it.lti:lti-launch =1.5.0,...
Open Redirect in Spring Security OAuth
Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, 2.1 prior to 2.1.5, and 2.0 prior to 2.0.18, as well as older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to the...
CVE-2019-11269
Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, 2.1 prior to 2.1.5, and 2.0 prior to 2.0.18, as well as older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to the...
CVE-2019-11269
Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, 2.1 prior to 2.1.5, and 2.0 prior to 2.0.18, as well as older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to the...
Authorization
Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, 2.1 prior to 2.1.5, and 2.0 prior to 2.0.18, as well as older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to the...
CVE-2019-11269
CVE-2019-11269 affects Spring Security OAuth; an open-redirect at the authorization endpoint (redirect_uri) can leak the authorization code. Affected versions: 2.3 before 2.3.6, 2.2 before 2.2.5, 2.1 before 2.1.5, 2.0 before 2.0.18, and older unsupported versions. Attack requires a crafted reques...
CVE-2019-11269 Open Redirector in spring-security-oauth2
Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, 2.1 prior to 2.1.5, and 2.0 prior to 2.0.18, as well as older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to the...
CVE-2019-11269
Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, 2.1 prior to 2.1.5, and 2.0 prior to 2.0.18, as well as older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to the...
Open Redirection
spring-security-oauth2 is vulnerable to open redirection. A remote attacker is able to modify the redirecturi parameter and redirect users to a malicious site to steal confidential information such as authorization code, username and password...
DLA-1794-1 libspring-security-2.0-java - security update
Bulletin has no description...
ch.rasc:wamp2spring-security (=1.0.0), com.antelopesystem.authframework:auth-framework (=0.0.2) +177 more potentially affected by CVE-2019-3795 via org.springframework.security:spring-security-core (>=5.0.0.RELEASE <=5.0.11.RELEASE)
org.springframework.security:spring-security-core MAVEN version =5.0.0.RELEASE, =2.21.8, =2017.11.28, =2018.1.20 - com.netflix.genie:genie-app =4.0.0-rc.2 - com.netflix.genie:genie-security =4.0.0-rc.2 - de.codecentric:spring-boot-admin-sample-consul =2.0.5 -...
GHSA-V2R2-7QM7-JJ6V Spring Security uses insufficiently random values
Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBeansetSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make...
ai.foremast.metrics:foremast-spring-boot-k8s-metrics-starter (>=0.1.2 <=0.1.6), ai.hyacinth.framework:core-service-gateway-server (=0.5.0) +1506 more potentially affected by CVE-2019-3795 via org.springframework.security:spring-security-core (>=5.1.0.RELEASE <=5.1.4.RELEASE)
org.springframework.security:spring-security-core MAVEN version =5.1.0.RELEASE, =0.1.2, =1.2.1.aghost-fix.20201109, =1.2.1.aghost-fix.20201109, =1.2.1.aghost-fix.20201109, =1.2.1.aghost-fix.20201109, =1.2.1.aghost-fix.20201109, =1.2.1.aghost-fix.20201109, =1.2.1.aghost-fix.20201109,...
Spring Security uses insufficiently random values
Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBeansetSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make...
au.org.consumerdatastandards:client-cli (>=1.1.1 <=1.12.0), com.ahome-it:ahome-tooling-server-core (>=1.1.19-RELEASE <=1.1.27-RELEASE) +243 more potentially affected by CVE-2019-3795 via org.springframework.security:spring-security-core (>=4.2.0.RELEASE <=4.2.11.RELEASE)
org.springframework.security:spring-security-core MAVEN version =4.2.0.RELEASE, =1.1.1, =1.1.19-RELEASE, =1.1.23-RELEASE, =1.1.19-RELEASE, =1.1.19-RELEASE, =1.1.23-RELEASE, =2.21.8, =2.0.0-beta1, =2.0.0-beta1, =2.0.0-beta1, =2.0.0-beta1, =2.0.0-beta1, =2.0.0-beta2 and more Source cves:...
Security fix for the ALT Linux 10 package samba version 4.10.2-alt1
April 11, 2019 Evgeny Sinelnikov 4.10.2-alt1 - Update to spring security release - Security fixes: + CVE-2019-3870 World writable files in Samba AD DC private/ dir + CVE-2019-3880 Save registry file outside share as unprivileged user...
CVE-2019-3795
Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBeansetSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make...
CVE-2019-3795
Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBeansetSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make...
Design/Logic Flaw
Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBeansetSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make...