Privilege Escalation
Spring Security OAuth2 Client is vulnerable to Privilege Escalation. The vulnerability exists in the getTokenResponse function in multiple files due to the authorization server responding with an OAuth2 access token response containing an empty scope list which allows an attacker to modify reques...
Vulnerabilities fixed in VMware Spring
VMware has fixed vulnerabilities in Spring Security and spring-security-oauth2-client. A malicious party could potentially exploit them to obtain elevated privileges or to bypass authentication. Only Spring environments using specific configurations are vulnerable. VMware has...
Exploit for Authorization Bypass Through User-Controlled Key in Vmware Spring_Security
CVE-2022-31692 Demo Overview A simple Spring Boot applicat...
Privilege Escalation in VMware spring-security
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A vulnerability in VMware's Spring Security affects the mapping of permitted scope in spring-security-oauth2-client, allowing privilege escalation...
cloud.altemista.fwk.azure:cloud-altemistafwk-core-azure-active-directory (=3.1.0.RELEASE), cloud.altemista.fwk.azure:cloud-altemistafwk-core-azure-active-directory-conf (=3.1.0.RELEASE) +572 more potentially affected by CVE-2022-31690 via org.springframework.security:spring-security-oauth2-client (>=5.0.10.RELEASE <=5.6.8)
org.springframework.security:spring-security-oauth2-client MAVEN version =5.0.10.RELEASE, =1.1.1-alpha, =1.1.1-alpha, =0.0.3-alpha, =0.0.3-alpha, =0.0.3-alpha, =0.0.3-alpha, =0.1, =0.3 - cn.itlym:shoulder-security-code =0.3 - cn.itlym:shoulder-starter-auth-server =0.3 -...
GHSA-32VJ-V39G-JH23 spring-security-oauth2-client vulnerable to Privilege Escalation
Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client via the browser to the Authorization Server which...
ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.2 <=4.6.0.0), ai.ylyue:yue-library-auth-client (>=j11.2.6.0 <=j11.2.6.1) +1919 more potentially affected by CVE-2022-31692 via org.springframework.security:spring-security-core (>=5.6.0 <=5.6.8)
org.springframework.security:spring-security-core MAVEN version =5.6.0, =4.4.0.2, =j11.2.6.0, =j11.2.6.0, =1.3.1.RELEASE, =0.2.0, =0.8.3, =2.1.0.M8, =1.0.0, =2.7.0.Beta3, =2.7.0.Beta4, =2.7.0.Beta3, =2.7.0.Beta3, =2.7.0.Beta3, =2.7.0.RC1 and more Source cves: CVE-2022-31692 Source advisory:...
GHSA-MMMH-WCXM-2WR4 Spring Security authorization rules can be bypassed via forward or include dispatcher types
Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: The application expects that Spring Security applies...
Spring Security authorization rules can be bypassed via forward or include dispatcher types
Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: The application expects that Spring Security applies...
au.csiro.pathling:fhir-server (>=5.3.1 <=6.4.2), au.org.consumerdatastandards:data-holder (>=2.3.0 <=2.4.1) +2391 more potentially affected by CVE-2022-31692 via org.springframework.security:spring-security-core (>=5.7.0 <=5.7.4)
org.springframework.security:spring-security-core MAVEN version =5.7.0, =5.3.1, =2.3.0, =2.4.1 - au.org.consumerdatastandards:mock-data-holder-java =2.6.0 - be.jidoka:jdk-keycloak-admin =1.3.0 - br.com.m4rc310:br-com-m4rc310-graphql =1.0.1 - br.com.m4rc310:br-com-m4rc310-libs =1.0.1 -...
cn.kduck:kduck-security-principal (=1.1.3), com.atlassian.connect:atlassian-connect-spring-boot-core (>=3.0.0 <=3.0.10) +338 more potentially affected by CVE-2022-31690 via org.springframework.security:spring-security-oauth2-client (>=5.7.1 <=5.7.4)
org.springframework.security:spring-security-oauth2-client MAVEN version =5.7.1, =3.0.0, =3.0.0, =4.3.0, =5.1.3, =5.1.3, =5.1.0, =4.2.0, =0.1.33, =1.18.8, =1.18.8, =2.9 - com.graphql-java-generator:graphql-maven-plugin =1.18.8 and more Source cves: CVE-2022-31690 https://vulners.com/cve/CVE-2...
spring-security-oauth2-client vulnerable to Privilege Escalation
Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client via the browser to the Authorization Server which...
CVE-2022-31692
Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: The application expects that Spring Security applies...
CVE-2022-31690
Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client via the browser to the Authorization Server which...
UBUNTU-CVE-2022-31692
Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: The application expects that Spring Security applies...
Authorization
Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client via the browser to the Authorization Server which...
Authorization
Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: The application expects that Spring Security applies...