Description
Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows attackers to gain privileges via a crafted thread.
Remediation
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814
http://secunia.com/advisories/55155
http://support.springsource.com/security/cve-2011-2731
http://www.securitytracker.com/id/1029151