CVE-2018-15758 – Privilege Escalation in spring-security-oauth2
https://notcve.org/view.php?id=CVE-2018-15758
Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval endpoint that can modify the previously saved authorization request and lead to a privilege escalation on the subsequent approval. This scenario can happen if the application is configured to use a custom approval endpoint that declares AuthorizationRequest as a controller method argument. This vulnerability exposes applications that meet all of the following requirements: Act in the role of an Authorization Server (e.g. @EnableAuthorizationServer) and use a custom Approval Endpoint that declares AuthorizationRequest as a controller method argument. • http://www.securityfocus.com/bid/105687 https://access.redhat.com/errata/RHSA-2019:2413 https://pivotal.io/security/cve-2018-15758 https://access.redhat.com/security/cve/CVE-2018-15758 https://bugzilla.redhat.com/show_bug.cgi?id=1643048 • CWE-285: Improper Authorization •
CVE-2018-1260 – spring-security-oauth: remote code execution in the authorization process
https://notcve.org/view.php?id=CVE-2018-1260
Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization endpoint that can lead to remote code execution when the resource owner is forwarded to the approval endpoint. Spring Security OAuth, en versiones 2.3 anteriores a la 2.3.3, versiones 2.2 anteriores a la 2.2.2, versiones 2.1 anteriores a la 2.1.2, versiones 2.0 anteriores a la 2.0.15 y versiones anteriores no soportadas, contiene una vulnerabilidad de ejecución remota de código. Un usuario o atacante malicioso puede manipular una petición de autorización al endpoint de autorización que puede conducir a la ejecución remota de código cuando el propietario del recurso se reenvía al endpoint de aprobación. • http://www.securityfocus.com/bid/104158 https://access.redhat.com/errata/RHSA-2018:1809 https://access.redhat.com/errata/RHSA-2018:2939 https://pivotal.io/security/cve-2018-1260 https://access.redhat.com/security/cve/CVE-2018-1260 https://bugzilla.redhat.com/show_bug.cgi?id=1584376 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-267: Privilege Defined With Unsafe Actions •
CVE-2018-1258 – spring-security-core: Unauthorized Access with Spring Security Method Security
https://notcve.org/view.php?id=CVE-2018-1258
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted. La versión 5.0.5 de Spring Framework, cuando se utiliza en combinación con cualquier versión de Spring Security, contiene un omisión de autorización cuando se utiliza la seguridad del método. Un usuario malicioso no autorizado puede obtener acceso no autorizado a métodos que deben ser restringidos. • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/104222 http://www.securitytracker.com/id/1041888 http://www.securitytracker.com/id/1041896 https://access.redhat.com/errata/RHSA-2019:2413 https://pivotal.io/security/cve-2018-1258 https://security.netapp.com/advisory/ntap-20181018-0002 https://www.oracle.com/security-alerts/cpuapr2020.html https://www.oracle& • CWE-287: Improper Authentication CWE-863: Incorrect Authorization •
CVE-2016-5007
https://notcve.org/view.php?id=CVE-2016-5007
Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences. Tanto en Spring Security versiones 3.2.x, 4.0.x, 4.1.0 como el Framework Spring versiones 3.2.x, 4.0.x, 4.1.x, 4.2.x, se basan en el mapeo de patrones de URL para la autorización y para mapear las peticiones hacia los controladores, respectivamente. Las diferencias en el rigor de los mecanismos de coincidencia de patrones, por ejemplo con respecto al recorte de espacio en los segmentos de ruta (path), pueden hacer que Spring Security no reconozca ciertas rutas (paths) como no protegidas que de hecho se asignan a los controladores MVC de Spring que deben protegerse. • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.securityfocus.com/bid/91687 https://pivotal.io/security/cve-2016-5007 https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html • CWE-264: Permissions, Privileges, and Access Controls •