Authorization
Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, 2.1 prior to 2.1.5, and 2.0 prior to 2.0.18, as well as older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to the...
CVE-2019-11269
CVE-2019-11269 affects Spring Security OAuth; an open-redirect at the authorization endpoint (redirect_uri) can leak the authorization code. Affected versions: 2.3 before 2.3.6, 2.2 before 2.2.5, 2.1 before 2.1.5, 2.0 before 2.0.18, and older unsupported versions. Attack requires a crafted reques...
CVE-2019-11269 Open Redirector in spring-security-oauth2
Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, 2.1 prior to 2.1.5, and 2.0 prior to 2.0.18, as well as older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to the...
CVE-2019-11269
Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, 2.1 prior to 2.1.5, and 2.0 prior to 2.0.18, as well as older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to the...
Open Redirection
spring-security-oauth2 is vulnerable to open redirection. A remote attacker is able to modify the redirect_uri parameter and redirect users to a malicious site to steal confidential information such as authorization code, username and password...
DLA-1794-1 libspring-security-2.0-java - security update
Bulletin has no description...
ch.rasc:wamp2spring-security (=1.0.0), com.antelopesystem.authframework:auth-framework (=0.0.2) +177 more potentially affected by CVE-2019-3795 via org.springframework.security:spring-security-core (>=5.0.0.RELEASE <=5.0.11.RELEASE)
org.springframework.security:spring-security-core MAVEN version =5.0.0.RELEASE, =2.21.8, =2017.11.28, =2018.1.20 - com.netflix.genie:genie-app =4.0.0-rc.2 - com.netflix.genie:genie-security =4.0.0-rc.2 - de.codecentric:spring-boot-admin-sample-consul =2.0.5 -...
GHSA-V2R2-7QM7-JJ6V Spring Security uses insufficiently random values
Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make...
ai.foremast.metrics:foremast-spring-boot-k8s-metrics-starter (>=0.1.2 <=0.1.6), ai.hyacinth.framework:core-service-gateway-server (=0.5.0) +1506 more potentially affected by CVE-2019-3795 via org.springframework.security:spring-security-core (>=5.1.0.RELEASE <=5.1.4.RELEASE)
org.springframework.security:spring-security-core MAVEN version =5.1.0.RELEASE, =0.1.2, =1.2.1.aghost-fix.20201109, =1.2.1.aghost-fix.20201109, =1.2.1.aghost-fix.20201109, =1.2.1.aghost-fix.20201109, =1.2.1.aghost-fix.20201109, =1.2.1.aghost-fix.20201109, =1.2.1.aghost-fix.20201109,...
Spring Security uses insufficiently random values
Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make...
au.org.consumerdatastandards:client-cli (>=1.1.1 <=1.12.0), com.ahome-it:ahome-tooling-server-core (>=1.1.19-RELEASE <=1.1.27-RELEASE) +243 more potentially affected by CVE-2019-3795 via org.springframework.security:spring-security-core (>=4.2.0.RELEASE <=4.2.11.RELEASE)
org.springframework.security:spring-security-core MAVEN version =4.2.0.RELEASE, =1.1.1, =1.1.19-RELEASE, =1.1.23-RELEASE, =1.1.19-RELEASE, =1.1.19-RELEASE, =1.1.23-RELEASE, =2.21.8, =2.0.0-beta1, =2.0.0-beta1, =2.0.0-beta1, =2.0.0-beta1, =2.0.0-beta1, =2.0.0-beta2 and more Source cves:...
Security fix for the ALT Linux 10 package samba version 4.10.2-alt1
April 11, 2019 Evgeny Sinelnikov 4.10.2-alt1 - Update to spring security release - Security fixes: + CVE-2019-3870 World writable files in Samba AD DC private/ dir + CVE-2019-3880 Save registry file outside share as unprivileged user...
CVE-2019-3795
Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make...
CVE-2019-3795
Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make...
Design/Logic Flaw
Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make...
CVE-2019-3795
CVE-2019-3795 affects Spring Security: insecure randomness when SecureRandomFactoryBean#setSeed is used to configure a SecureRandom. Impact requires the application to supply a seed and expose the resulting random material to an attacker. Affected releases include Spring Security 4.2.x before 4.2...
CVE-2019-3795 Insecure Randomness When Using a SecureRandom Instance Constructed by Spring Security
Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make...
Insecure Randomness
spring-security-core is vulnerable to insecure randomness. The vulnerability exists because it does not use a secure way of generating randomness in SecureRandomFactoryBean#setSeed to configure a SecureRandom instance...
CVE-2019-3778
Spring Security OAuth, versions 2.3 prior to 2.3.5, and 2.2 prior to 2.2.4, and 2.1 prior to 2.1.4, and 2.0 prior to 2.0.17, and older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to th...
am.ik.home:uaa-client (>=1.0.0 <=1.9.0), am.ik.home:uaa-integration-test (>=1.0.0 <=1.9.0) +537 more potentially affected by CVE-2019-3778 via org.springframework.security.oauth:spring-security-oauth2 (>=1.0.0.RELEASE <=2.0.16.RELEASE)
org.springframework.security.oauth:spring-security-oauth2 MAVEN version =1.0.0.RELEASE, =1.0.0, =1.0.0, =1.0.0, =0.1.0, =1.0.0, =A.1.1.0, =A.1.1.0, =A.1.1.0, =A.1.1.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.1.11 - com.17jee:e-security-token =3.0.1.11 and more Source cves: CVE-2019-3778 Source...