All the vulnerabilites related to Spring - Spring Security
cve-2025-41232
Vulnerability from cvelistv5
Published
2025-05-21 10:23
Modified
2025-05-22 03:55
Severity ?
EPSS score ?
Summary
CVE-2025-41232: Spring Security authorization bypass for method security annotations on private methods
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Spring | Spring Security |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41232",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-21T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693 Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T03:55:15.247Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Spring Security",
"product": "Spring Security",
"vendor": "Spring",
"versions": [
{
"lessThan": "6.4.6",
"status": "affected",
"version": "6.4.x",
"versionType": "oss"
}
]
}
],
"datePublic": "2025-05-19T10:19:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSpring Security Aspects may not correctly locate method security annotations on private methods. This can cause an authorization bypass.\u003c/p\u003e\u003cp\u003eYour application may be affected by this if the following are true:\u003c/p\u003e\u003col\u003e\u003cli\u003eYou are using \u003ccode\u003e@EnableMethodSecurity(mode=ASPECTJ)\u003c/code\u003e\u0026nbsp;and \u003ccode\u003espring-security-aspects\u003c/code\u003e, and\u003c/li\u003e\u003cli\u003eYou have Spring Security method annotations on a private method\u003c/li\u003e\u003c/ol\u003e\u003cp\u003eIn that case, the target method may be able to be invoked without proper authorization.\u003c/p\u003e\u003cp\u003eYou are not affected if:\u003c/p\u003e\u003col\u003e\u003cli\u003eYou are not using \u003ccode\u003e@EnableMethodSecurity(mode=ASPECTJ)\u003c/code\u003e\u0026nbsp;or \u003ccode\u003espring-security-aspects\u003c/code\u003e, or\u003c/li\u003e\u003cli\u003eYou have no Spring Security-annotated private methods\u003c/li\u003e\u003c/ol\u003e\u003cbr\u003e"
}
],
"value": "Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an authorization bypass.\n\nYour application may be affected by this if the following are true:\n\n * You are using @EnableMethodSecurity(mode=ASPECTJ)\u00a0and spring-security-aspects, and\n * You have Spring Security method annotations on a private method\nIn that case, the target method may be able to be invoked without proper authorization.\n\nYou are not affected if:\n\n * You are not using @EnableMethodSecurity(mode=ASPECTJ)\u00a0or spring-security-aspects, or\n * You have no Spring Security-annotated private methods"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T10:23:07.078Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "http://spring.io/security/cve-2025-41232"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2025-41232: Spring Security authorization bypass for method security annotations on private methods",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2025-41232",
"datePublished": "2025-05-21T10:23:07.078Z",
"dateReserved": "2025-04-16T09:29:46.972Z",
"dateUpdated": "2025-05-22T03:55:15.247Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2025-22228
Vulnerability from cvelistv5
Published
2025-03-20 05:49
Modified
2025-04-25 23:03
Severity ?
EPSS score ?
Summary
CVE-2025-22228: Spring Security BCryptPasswordEncoder does not enforce maximum password length
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Spring | Spring Security |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22228",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-21T03:55:17.357088Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-21T16:09:31.664Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-04-25T23:03:00.421Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250425-0009/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": "Spring Security",
"product": "Spring Security",
"vendor": "Spring",
"versions": [
{
"lessThan": "5.7.16",
"status": "affected",
"version": "5.7.x",
"versionType": "Enterprise Support Only"
},
{
"lessThan": "5.8.18",
"status": "affected",
"version": "5.8.x",
"versionType": "Enterprise Support Only"
},
{
"lessThan": "6.0.16",
"status": "affected",
"version": "6.0.x",
"versionType": "Enterprise Support Only"
},
{
"lessThan": "6.1.14",
"status": "affected",
"version": "6.1.x",
"versionType": "Enterprise Support Only"
},
{
"lessThan": "6.2.10",
"status": "affected",
"version": "6.2.x",
"versionType": "Enterprise Support Only"
},
{
"lessThan": "6.3.8",
"status": "affected",
"version": "6.3.x",
"versionType": "OSS"
},
{
"lessThan": "6.4.4",
"status": "affected",
"version": "6.4.x",
"versionType": "OSS"
}
]
}
],
"datePublic": "2025-03-19T08:44:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ccode\u003eBCryptPasswordEncoder.matches(CharSequence,String)\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;will incorrectly return \u003c/span\u003e\u003ccode\u003etrue\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;for passwords larger than 72 characters as long as the first 72 characters are the same.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "BCryptPasswordEncoder.matches(CharSequence,String)\u00a0will incorrectly return true\u00a0for passwords larger than 72 characters as long as the first 72 characters are the same."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-20T05:49:19.275Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://spring.io/security/cve-2025-22228"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2025-22228: Spring Security BCryptPasswordEncoder does not enforce maximum password length",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2025-22228",
"datePublished": "2025-03-20T05:49:19.275Z",
"dateReserved": "2025-01-02T04:29:59.191Z",
"dateUpdated": "2025-04-25T23:03:00.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2025-22223
Vulnerability from cvelistv5
Published
2025-03-24 17:42
Modified
2025-03-24 18:06
Severity ?
EPSS score ?
Summary
Spring Security 6.4.0 - 6.4.3 may not correctly locate method security annotations on parameterized types or methods. This may cause an authorization bypass.
You are not affected if you are not using @EnableMethodSecurity, or
you do not have method security annotations on parameterized types or methods, or all method security annotations are attached to target methods
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Spring | Spring Security |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22223",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-24T18:04:57.845346Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T18:06:24.575Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Spring Security",
"vendor": "Spring",
"versions": [
{
"status": "affected",
"version": "6.4.0-6.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSpring Security 6.4.0 - 6.4.3 may not correctly locate method security annotations on parameterized types or methods. This may cause an authorization bypass.\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eYou are not affected if you are not using @EnableMethodSecurity, or\u003cbr\u003eyou do not have method security annotations on parameterized types or methods, or all method security annotations are attached to target methods\u003c/span\u003e\u003c/span\u003e"
}
],
"value": "Spring Security 6.4.0 - 6.4.3 may not correctly locate method security annotations on parameterized types or methods. This may cause an authorization bypass.\u00a0\n\nYou are not affected if you are not using @EnableMethodSecurity, or\nyou do not have method security annotations on parameterized types or methods, or all method security annotations are attached to target methods"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290 Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T17:42:49.634Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://spring.io/security/cve-2025-22223"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2025-22223",
"datePublished": "2025-03-24T17:42:49.634Z",
"dateReserved": "2025-01-02T04:29:30.445Z",
"dateUpdated": "2025-03-24T18:06:24.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-38810
Vulnerability from cvelistv5
Published
2024-08-20 03:35
Modified
2024-08-20 13:34
Severity ?
EPSS score ?
Summary
Missing Authorization When Using @AuthorizeReturnObject
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| spring | spring security |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38810",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-20T13:34:39.309830Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-20T13:34:50.068Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "spring security",
"vendor": "spring",
"versions": [
{
"lessThan": "6.3.2",
"status": "affected",
"version": "6.3.x",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ch1\u003eMissing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows attacker to render security annotations inaffective.\u003cbr\u003e\u003c/h1\u003e\u003cbr\u003e"
}
],
"value": "Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows attacker to render security annotations inaffective."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-20T03:35:24.795Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://spring.io/security/cve-2024-38810"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Missing Authorization When Using @AuthorizeReturnObject",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2024-38810",
"datePublished": "2024-08-20T03:35:24.795Z",
"dateReserved": "2024-06-19T22:31:57.187Z",
"dateUpdated": "2024-08-20T13:34:50.068Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-11272
Vulnerability from cvelistv5
Published
2019-06-26 14:06
Modified
2024-09-16 19:25
Severity ?
EPSS score ?
Summary
PlaintextPasswordEncoder authenticates encoded passwords that are null
References
| ▼ | URL | Tags |
|---|---|---|
| https://pivotal.io/security/cve-2019-11272 | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2019/07/msg00008.html | mailing-list, x_refsource_MLIST |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Spring | Spring Security |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:09.049Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2019-11272"
},
{
"name": "[debian-lts-announce] 20190709 [SECURITY] [DLA 1848-1] libspring-security-2.0-java security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spring Security",
"vendor": "Spring",
"versions": [
{
"lessThan": "4.2.13.RELEASE",
"status": "affected",
"version": "4.2",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-06-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null encoded password, a malicious user (or attacker) can authenticate using a password of \"null\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication - Generic",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-09T08:06:02",
"orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"shortName": "pivotal"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2019-11272"
},
{
"name": "[debian-lts-announce] 20190709 [SECURITY] [DLA 1848-1] libspring-security-2.0-java security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00008.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "PlaintextPasswordEncoder authenticates encoded passwords that are null",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@pivotal.io",
"DATE_PUBLIC": "2019-06-20T20:19:44.000Z",
"ID": "CVE-2019-11272",
"STATE": "PUBLIC",
"TITLE": "PlaintextPasswordEncoder authenticates encoded passwords that are null"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spring Security",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "4.2",
"version_value": "4.2.13.RELEASE"
}
]
}
}
]
},
"vendor_name": "Spring"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null encoded password, a malicious user (or attacker) can authenticate using a password of \"null\"."
}
]
},
"impact": null,
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287: Improper Authentication - Generic"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2019-11272",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2019-11272"
},
{
"name": "[debian-lts-announce] 20190709 [SECURITY] [DLA 1848-1] libspring-security-2.0-java security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00008.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"assignerShortName": "pivotal",
"cveId": "CVE-2019-11272",
"datePublished": "2019-06-26T14:06:15.312137Z",
"dateReserved": "2019-04-18T00:00:00",
"dateUpdated": "2024-09-16T19:25:59.208Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-3795
Vulnerability from cvelistv5
Published
2019-04-09 15:29
Modified
2024-09-17 00:02
Severity ?
EPSS score ?
Summary
Insecure Randomness When Using a SecureRandom Instance Constructed by Spring Security
References
| ▼ | URL | Tags |
|---|---|---|
| https://pivotal.io/security/cve-2019-3795 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/107802 | vdb-entry, x_refsource_BID | |
| https://lists.debian.org/debian-lts-announce/2019/05/msg00026.html | mailing-list, x_refsource_MLIST |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Spring | Spring Security |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pivotal.io/security/cve-2019-3795"
},
{
"name": "107802",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107802"
},
{
"name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1794-1] libspring-security-2.0-java security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00026.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spring Security",
"vendor": "Spring",
"versions": [
{
"lessThan": "5.0.11.RELEASE",
"status": "affected",
"version": "5.0",
"versionType": "custom"
},
{
"lessThan": "5.1.4.RELEASE",
"status": "affected",
"version": "5.1",
"versionType": "custom"
},
{
"lessThan": "4.2.11.RELEASE",
"status": "affected",
"version": "4.2",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-04-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make the resulting random material available to an attacker for inspection."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "CWE-330: Use of Insufficiently Random Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-20T05:06:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pivotal.io/security/cve-2019-3795"
},
{
"name": "107802",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107802"
},
{
"name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1794-1] libspring-security-2.0-java security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00026.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Insecure Randomness When Using a SecureRandom Instance Constructed by Spring Security",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2019-04-04T18:01:40.000Z",
"ID": "CVE-2019-3795",
"STATE": "PUBLIC",
"TITLE": "Insecure Randomness When Using a SecureRandom Instance Constructed by Spring Security"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spring Security",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "5.0",
"version_value": "5.0.11.RELEASE"
},
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "5.1",
"version_value": "5.1.4.RELEASE"
},
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "4.2",
"version_value": "4.2.11.RELEASE"
}
]
}
}
]
},
"vendor_name": "Spring"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make the resulting random material available to an attacker for inspection."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-330: Use of Insufficiently Random Values"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2019-3795",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2019-3795"
},
{
"name": "107802",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107802"
},
{
"name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1794-1] libspring-security-2.0-java security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00026.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2019-3795",
"datePublished": "2019-04-09T15:29:02.127885Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T00:02:03.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-22234
Vulnerability from cvelistv5
Published
2024-02-20 07:02
Modified
2025-02-13 17:33
Severity ?
EPSS score ?
Summary
CVE-2024-22234: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Spring | Spring Security |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:vmware:spring_security:6.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "spring_security",
"vendor": "vmware",
"versions": [
{
"lessThan": "6.1.7",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vmware:spring_security:6.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "spring_security",
"vendor": "vmware",
"versions": [
{
"lessThan": "6.2.2",
"status": "affected",
"version": "6.2.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22234",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-21T19:46:52.509563Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-26T17:21:05.285Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:43:33.656Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://spring.io/security/cve-2024-22234"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240315-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Spring Security",
"vendor": "Spring",
"versions": [
{
"lessThan": "6.1.7",
"status": "affected",
"version": "6.1.x",
"versionType": "6.1.7"
},
{
"lessThan": "6.2.2",
"status": "affected",
"version": "6.2.x",
"versionType": "6.2.2"
}
]
}
],
"datePublic": "2024-02-19T08:59:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the \u003ccode\u003eAuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u003c/code\u003e\u0026nbsp;method.\u003c/p\u003e\u003cp\u003eSpecifically, an application is vulnerable if:\u003c/p\u003e\u003cul\u003e\u003cli\u003eThe application uses \u003ccode\u003eAuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u003c/code\u003e\u0026nbsp;directly and a \u003ccode\u003enull\u003c/code\u003e\u0026nbsp;authentication parameter is passed to it resulting in an erroneous \u003ccode\u003etrue\u003c/code\u003e\u0026nbsp;return value.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eAn application is not vulnerable if any of the following is true:\u003c/p\u003e\u003cul\u003e\u003cli\u003eThe application does not use \u003ccode\u003eAuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u003c/code\u003e\u0026nbsp;directly.\u003c/li\u003e\u003cli\u003eThe application does not pass \u003ccode\u003enull\u003c/code\u003e\u0026nbsp;to \u003ccode\u003eAuthenticationTrustResolver.isFullyAuthenticated\u003c/code\u003e\u003c/li\u003e\u003cli\u003eThe application only uses \u003ccode\u003eisFullyAuthenticated\u003c/code\u003e\u0026nbsp;via \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html\"\u003eMethod Security\u003c/a\u003e\u0026nbsp;or \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html\"\u003eHTTP Request Security\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
}
],
"value": "In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u00a0method.\n\nSpecifically, an application is vulnerable if:\n\n * The application uses AuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u00a0directly and a null\u00a0authentication parameter is passed to it resulting in an erroneous true\u00a0return value.\n\n\nAn application is not vulnerable if any of the following is true:\n\n * The application does not use AuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u00a0directly.\n * The application does not pass null\u00a0to AuthenticationTrustResolver.isFullyAuthenticated\n * The application only uses isFullyAuthenticated\u00a0via Method Security https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html \u00a0or HTTP Request Security https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-15T11:06:18.496Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://spring.io/security/cve-2024-22234"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240315-0003/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2024-22234: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2024-22234",
"datePublished": "2024-02-20T07:02:50.873Z",
"dateReserved": "2024-01-08T16:40:16.141Z",
"dateUpdated": "2025-02-13T17:33:37.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}