CVSS: 9.6EPSS: 0%CPEs: 5EXPL: 0CVE-2018-15758 – Privilege Escalation in spring-security-oauth2
https://notcve.org/view.php?id=CVE-2018-15758
18 Oct 2018 — Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval endpoint that can modify the previously saved authorization request and lead to a privilege escalation on the subsequent approval. This scenario can happen if the application is configured to use a custom approval endp... • http://www.securityfocus.com/bid/105687 • CWE-285: Improper Authorization •
CVSS: 9.8EPSS: 3%CPEs: 4EXPL: 0CVE-2018-1260 – spring-security-oauth: remote code execution in the authorization process
https://notcve.org/view.php?id=CVE-2018-1260
11 May 2018 — Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization endpoint that can lead to remote code execution when the resource owner is forwarded to the approval endpoint. Spring Security OAuth, en versiones 2.3 anteriores a la 2.3.3, versiones 2.2 anteriores a la 2.2.2, versiones 2.1 anteriores ... • http://www.securityfocus.com/bid/104158 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-267: Privilege Defined With Unsafe Actions •
CVSS: 8.8EPSS: 16%CPEs: 16EXPL: 2CVE-2016-4977
https://notcve.org/view.php?id=CVE-2016-4977
25 May 2017 — When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for response_type. Cuando se procesan las peticiones de autorización usando las vistas whitelabel en Spring Security OAuth versiones 2.0.0 hasta 2.0.9 y versiones 1.0.0 hasta 1.0.5, el valor del parámetro response_type fue ejecuta... • https://github.com/N0b1e6/CVE-2016-4977-POC • CWE-19: Data Processing Errors •