CVSS3: 8.1 High
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 5.1 Medium
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

EPSS: 0.006 Low
Percentile: 76.7%
Spring Security OAuth2 Client is vulnerable to privilege escalation. The vulnerability exists in the getTokenResponse function in multiple files: when the authorization server responds with an OAuth2 access token response containing an empty scope list, an attacker is able to modify requests initiated by clients.
github.com/advisories/GHSA-32vj-v39g-jh23
github.com/spring-projects/spring-security/commit/2915a70bf786e2bd0780d686d432b9ba85617522
github.com/spring-projects/spring-security/commit/75004587a419a96d18909030b20c6b16b226ecbe
github.com/spring-projects/spring-security/issues/12101
github.com/spring-projects/spring-security/issues/12112
github.com/spring-projects/spring-security/releases/tag/5.6.9
github.com/spring-projects/spring-security/releases/tag/5.7.5
security.netapp.com/advisory/ntap-20221215-0010/
tanzu.vmware.com/security/cve-2022-31690