Lucene search
K

5 matches found

vulnersOsv
vulnersOsv
added 2018/12/20 10:1 p.m.11 views

com.microsoft.azure:azure-active-directory-b2c-spring-boot-starter (>=2.1.4.M1 <=2.1.6.M2), com.sap.cloud.security.xsuaa:spring-xsuaa (>=1.1.0 <=2.1.0) +4 more potentially affected by CVE-2018-15801 via org.springframework.security:spring-security-oauth2-jose (>=5.1.10.RELEASE <=5.1.1.RELEASE)

org.springframework.security:spring-security-oauth2-jose MAVEN version =5.1.10.RELEASE, =2.1.4.M1, =1.1.0, =1.2.0, =1.2.0, =2.1.0.RELEASE, =2.1.0.RELEASE, =2.1.18.RELEASE Source cves: CVE-2018-15801 Source advisory: OSV:GHSA-27XW-P8V6-9JJR...

7.4CVSS6.1AI score0.00653EPSS
Exploits0
NVD
NVD
added 2018/12/19 10:29 p.m.28 views

CVE-2018-15801

Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation. In order to be impacted, the same private key for an honest issuer and a malicious user must be used when signing JWTs. In that case, a malicious user could fashion signed JWT...

7.4CVSS4.8AI score0.00653EPSS
Exploits0References1
OSV
OSV
added 2018/12/19 10:29 p.m.27 views

CVE-2018-15801

Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation. In order to be impacted, the same private key for an honest issuer and a malicious user must be used when signing JWTs. In that case, a malicious user could fashion signed JWT...

7.4CVSS6.7AI score0.00653EPSS
Exploits0References1
CVE
CVE
added 2018/12/19 10:0 p.m.84 views

CVE-2018-15801

CVE-2018-15801 affects Spring Security versions 5.1.x prior to 5.1.2, where an authorization bypass can occur during JWT issuer validation. For exploitation, the same private key must be used by an honest issuer and a malicious user when signing JWTs; a attacker could craft signed tokens with a m...

7.4CVSS5.4AI score0.00653EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/12/19 10:0 p.m.35 views

CVE-2018-15801 Authorization Bypass During JWT Issuer Validation with spring-security

Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation. In order to be impacted, the same private key for an honest issuer and a malicious user must be used when signing JWTs. In that case, a malicious user could fashion signed JWT...

3.3CVSS7.3AI score0.00653EPSS
Exploits0References1
Rows per page
Query Builder