Description
Spring Framework version 5.0.5, when used in combination with any version of Spring Security, contains an authorization bypass in method security. A malicious user without the required authorization can invoke methods that should be restricted.
Remediation
References
https://pivotal.io/security/cve-2018-1258
http://www.securityfocus.com/bid/104222
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.securitytracker.com/id/1041896
http://www.securitytracker.com/id/1041888
https://security.netapp.com/advisory/ntap-20181018-0002/
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://access.redhat.com/errata/RHSA-2019:2413
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html