Description

Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation. In order to be impacted, the same private key for an honest issuer and a malicious user must be used when signing JWTs. In that case, a malicious user could fashion signed JWTs with the malicious issuer URL that may be granted for the honest issuer.

Remediation

References

https://pivotal.io/security/cve-2018-15801

Related Vulnerabilities

CVE-2019-8331 Vulnerability in maven package org.webjars.bowergithub.twbs:bootstrap

CVE-2023-26471 Vulnerability in maven package org.xwiki.platform:xwiki-platform-rendering-async-macro

CVE-2022-22979 Vulnerability in maven package org.springframework.cloud:spring-cloud-function-context

CVE-2023-36542 Vulnerability in maven package org.apache.nifi:nifi-jms-processors

CVE-2014-0003 Vulnerability in maven package org.apache.camel:camel-core

Severity

High

Classification

CWE-345 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Vendor Advisory