1124 matches found
CVE-2018-15758
Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval...
au.org.consumerdatastandards:client-cli (>=1.1.1 <=2.4.1), fm.pattern:tokamak-authorization (=1.0.1) +17 more potentially affected by CVE-2018-15758 via org.springframework.security.oauth:spring-security-oauth2 (>=2.1.0.RELEASE <=2.1.1.RELEASE)
org.springframework.security.oauth:spring-security-oauth2 MAVEN version =2.1.0.RELEASE, =1.1.1, =1.2.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.9.0, =1.9.0, =1.3.0, =1.3.0, =1.3.4 and more Source cves: CVE-2018-15758 Source advisory: OSV:GHSA-H8W4-QV99-F7VJhttps://vulners...
GHSA-H8W4-QV99-F7VJ Authorization bypass in org.springframework.security.oauth:spring-security-oauth2
Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval...
br.com.anteros:Anteros-Keycloak (=1.0.0), cloud.altemista.fwk.framework:cloud-altemistafwk-documentation (=3.1.0.RELEASE) +57 more potentially affected by CVE-2018-15758 via org.springframework.security.oauth:spring-security-oauth2 (>=2.2.0.RELEASE <=2.2.2.RELEASE)
org.springframework.security.oauth:spring-security-oauth2 MAVEN version =2.2.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =1.0.0, =1.0.0, =3.3.2, =4.0.1 - com.ge.research.semtk:springSecurityLibrary =2.2.2 -...
am.ik.home:uaa-client (>=1.0.0 <=1.9.0), am.ik.home:uaa-integration-test (>=1.0.0 <=1.9.0) +525 more potentially affected by CVE-2018-15758 via org.springframework.security.oauth:spring-security-oauth2 (>=2.0.0.RELEASE <=2.0.15.RELEASE)
org.springframework.security.oauth:spring-security-oauth2 MAVEN version =2.0.0.RELEASE, =1.0.0, =1.0.0, =1.0.0, =0.1.0, =1.0.0, =A.1.1.0, =A.1.1.0, =A.1.1.0, =A.1.1.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.1.11 - com.17jee:e-security-token =3.0.1.11 and more Source cves: CVE-2018-15758 Source...
Authorization bypass in org.springframework.security.oauth:spring-security-oauth2
Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval...
Privilege Escalation
spring-security-oauth2 is vulnerable to privilege escalation. The library does not properly handle the AuthorizationRequest parameter state, allowing a malicious user to pass a request to an approval endpoint and modify a previous authorization request, leading to a privilege escalation...
CVE-2018-15758
Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval...
Authorization
Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval...
CVE-2018-15758
Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval...
CVE-2018-15758 Privilege Escalation in spring-security-oauth2
Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval...
CVE-2018-15758
Spring Security OAuth vulnerability CVE-2018-15758 affects multiple branches: 2.3.x before 2.3.4, 2.2.x before 2.2.3, 2.1.x before 2.1.3, and 2.0.x before 2.0.16 (older unsupported versions). The issue, described across connected sources, allows a malicious user to craft a request to a custom app...
jp.co.ap-com:spring-oauth2-serializable (=0.0.1) potentially affected by CVE-2016-4977 via org.springframework.security.oauth:spring-security-oauth2 (=2.0.0.RELEASE)
org.springframework.security.oauth:spring-security-oauth2 MAVEN version =2.0.0.RELEASE is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.security.oauth:spring-security-oauth2 and may be impacted: -...
GHSA-7Q9C-H23X-65FQ Spring Security OAuth vulnerable to remote code execution (RCE) via specially crafted request using whitelabel views
When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the responsetype parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for responsetype...
Spring Security OAuth vulnerable to remote code execution (RCE) via specially crafted request using whitelabel views
When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the responsetype parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for responsetype...
org.cloudfoundry:cf-gradle-plugin (>=1.0.1 <=1.0.3), org.cloudfoundry:cf-maven-plugin (>=1.0.1 <=1.0.3) +5 more potentially affected by CVE-2016-4977 via org.springframework.security.oauth:spring-security-oauth2 (>=1.0.0.RELEASE <=1.0.2.RELEASE)
org.springframework.security.oauth:spring-security-oauth2 MAVEN version =1.0.0.RELEASE, =1.0.1, =1.0.1, =1.0.1, =0.9.0, =0.9.0, =0.9.0, =0.9.0, =1.0.22 Source cves: CVE-2016-4977 Source advisory: OSV:GHSA-7Q9C-H23X-65FQ...
am.ik.home:uaa-client (>=1.0.0 <=1.9.0), am.ik.home:uaa-integration-test (>=1.0.0 <=1.9.0) +509 more potentially affected by CVE-2018-1260 via org.springframework.security.oauth:spring-security-oauth2 (>=2.0.0.RELEASE <=2.0.14.RELEASE)
org.springframework.security.oauth:spring-security-oauth2 MAVEN version =2.0.0.RELEASE, =1.0.0, =1.0.0, =1.0.0, =0.1.0, =1.0.0, =A.1.1.0, =A.1.1.0, =A.1.1.0, =A.1.1.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.1.11 - com.17jee:e-security-token =3.0.1.11 and more Source cves: CVE-2018-1260 Source...
GHSA-RRPM-PJ7P-7J9Q Spring Security OAuth vulnerable to remote code execution (RCE)
Spring Security OAuth versions prior to 2.3.3, prior to 2.2.2, prior to 2.1.2, and prior to 2.0.15 contain a remote code execution vulnerability. An attacker can craft an authorization request to the authorization endpoint that can lead to remote code execution when the resource owner is forwarde...
Spring Security OAuth vulnerable to remote code execution (RCE)
Spring Security OAuth versions prior to 2.3.3, prior to 2.2.2, prior to 2.1.2, and prior to 2.0.15 contain a remote code execution vulnerability. An attacker can craft an authorization request to the authorization endpoint that can lead to remote code execution when the resource owner is forwarde...
br.com.anteros:Anteros-Keycloak (=1.0.0), com.blossom-project:blossom-starter-ui-api (>=1.0.0 <=1.1.1) +47 more potentially affected by CVE-2018-1260 via org.springframework.security.oauth:spring-security-oauth2 (>=2.2.0.RELEASE <=2.2.1.RELEASE)
org.springframework.security.oauth:spring-security-oauth2 MAVEN version =2.2.0.RELEASE, =1.0.0, =1.0.0, =3.3.2, =1.0.6, =1.0.0, =0.7.4, =0.7.8 - com.vmware.card-connectors:airwatch-connector =2.1 and more Source cves: CVE-2018-1260 Source advisory: OSV:GHSA-RRPM-PJ7P-7J9Q...