CVE-2011-2731 Vulnerability in maven package org.springframework.security:spring-security-core

Description

Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows attackers to gain privileges via a crafted thread.

Remediation

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814

http://support.springsource.com/security/cve-2011-2731

http://secunia.com/advisories/55155

http://www.securitytracker.com/id/1029151

Related Vulnerabilities

CVE-2021-22051 Vulnerability in maven package org.springframework.cloud:spring-cloud-gateway-server

CVE-2023-45137 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates

CVE-2018-1000173 Vulnerability in maven package org.jenkins-ci.plugins:google-login

CVE-2023-36542 Vulnerability in maven package org.apache.nifi:nifi-jms-processors

CVE-2020-2205 Vulnerability in maven package org.jenkins-ci.plugins:vncrecorder

Severity

Critical

Classification

CWE-362