CVSS: 9.8EPSS: 90%CPEs: 7EXPL: 6CVE-2022-22978 – springframework: Authorization Bypass in RegexRequestMatcher
https://notcve.org/view.php?id=CVE-2022-22978
19 May 2022 — In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass. En las versiones 5.5.6 y 5.6.3 de Spring Security y en versiones anteriores no soportadas, RegexRequestMatcher puede ser fácilmente configurado de forma incorrecta para ser evitado en algunos contenedo... • https://github.com/DeEpinGh0st/CVE-2022-22978 • CWE-863: Incorrect Authorization CWE-1220: Insufficient Granularity of Access Control •
CVSS: 9.0EPSS: 1%CPEs: 11EXPL: 0CVE-2021-22112
https://notcve.org/view.php?id=CVE-2021-22112
23 Feb 2021 — Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application. ... • http://www.openwall.com/lists/oss-security/2021/02/19/7 •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2020-5408 – Dictionary attack with Spring Security queryable text encryptor
https://notcve.org/view.php?id=CVE-2020-5408
14 May 2020 — Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has been encrypted using such an encryptor may be able to derive the unencrypted values using a dictionary attack. Spring Security versiones 5.3.x anteriores a 5.3.2, versiones 5.2.x anteriores a 5.2.4, versiones 5.1.x... • https://tanzu.vmware.com/security/cve-2020-5408 • CWE-329: Generation of Predictable IV with CBC Mode CWE-330: Use of Insufficiently Random Values •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-11272 – PlaintextPasswordEncoder authenticates encoded passwords that are null
https://notcve.org/view.php?id=CVE-2019-11272
26 Jun 2019 — Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null encoded password, a malicious user (or attacker) can authenticate using a password of "null". Spring Security, versiones 4.2.x hasta 4.2.12, y versiones anteriores no compatibles admiten contraseñas de texto sin formato mediante PlaintextPasswordEnco... • https://lists.debian.org/debian-lts-announce/2019/07/msg00008.html • CWE-287: Improper Authentication CWE-305: Authentication Bypass by Primary Weakness CWE-522: Insufficiently Protected Credentials •
CVSS: 5.3EPSS: 2%CPEs: 4EXPL: 0CVE-2019-3795 – Insecure Randomness When Using a SecureRandom Instance Constructed by Spring Security
https://notcve.org/view.php?id=CVE-2019-3795
09 Apr 2019 — Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make the resulting random material available to an attacker for inspection. Las versiones 4.2.x de Spring Security anteriores a 4.2.12, 5.0.x anteriores a 5.0.12 y 5.1.x anteriores a 5.1.5 contienen una vulnerabilidad d... • http://www.securityfocus.com/bid/107802 • CWE-330: Use of Insufficiently Random Values •
CVSS: 8.8EPSS: 0%CPEs: 81EXPL: 0CVE-2018-1258 – spring-security-core: Unauthorized Access with Spring Security Method Security
https://notcve.org/view.php?id=CVE-2018-1258
11 May 2018 — Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted. La versión 5.0.5 de Spring Framework, cuando se utiliza en combinación con cualquier versión de Spring Security, contiene un omisión de autorización cuando se utiliza la seguridad del método. Un usuario malicioso no autorizado puede obtener acceso no autorizad... • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html • CWE-287: Improper Authentication CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 0CVE-2018-1199 – spring-framework: Improper URL path validation allows for bypassing of security checks on static resources
https://notcve.org/view.php?id=CVE-2018-1199
16 Mar 2018 — Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3) does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path par... • https://access.redhat.com/errata/RHSA-2018:2405 • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0CVE-2017-4995
https://notcve.org/view.php?id=CVE-2017-4995
27 Nov 2017 — An issue was discovered in Pivotal Spring Security 4.2.0.RELEASE through 4.2.2.RELEASE, and Spring Security 5.0.0.M1. When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known "deserialization gadgets." Spring Security configures Jackson with global default typing enabled, which means that (through the previous exploit) arbitrary code could be executed if all of the following... • http://www.securityfocus.com/bid/99080 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 0%CPEs: 66EXPL: 0CVE-2016-5007
https://notcve.org/view.php?id=CVE-2016-5007
25 May 2017 — Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that... • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 28EXPL: 0CVE-2016-9879 – Security: Improper handling of path parameters allows bypassing the security constraint
https://notcve.org/view.php?id=CVE-2016-9879
06 Jan 2017 — An issue was discovered in Pivotal Spring Security before 3.2.10, 4.1.x before 4.1.4, and 4.2.x before 4.2.1. Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with an encoded "/" to a request, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path parameters in the value retur... • http://www.securityfocus.com/bid/95142 • CWE-20: Improper Input Validation CWE-417: Communication Channel Errors •