CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45669 – Improper signature counter value handling in webauthn4j-spring-security
https://notcve.org/view.php?id=CVE-2023-45669
16 Oct 2023 — WebAuthn4J Spring Security provides Web Authentication specification support for Spring applications. Affected versions are subject to improper signature counter value handling. A flaw was found in webauthn4j-spring-security-core. When an authneticator returns an incremented signature counter value during authentication, webauthn4j-spring-security-core does not properly persist the value, which means cloned authenticator detection does not work. An attacker who cloned valid authenticator in some way can use... • https://github.com/webauthn4j/webauthn4j-spring-security/commit/129700d74d83f9b9a82bf88ebc63707e3cb0a725 • CWE-287: Improper Authentication •
CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 1CVE-2022-22976 – springframework: BCrypt skips salt rounds for work factor of 31
https://notcve.org/view.php?id=CVE-2022-22976
19 May 2022 — Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE. Spring Security versiones 5.5.x anteriores a 5.5.7, 5.6.x anteriores a 5.6.4 y versiones anteriores no soportadas, contienen una vulnerabilidad de desbordamiento de enteros.... • https://github.com/spring-io/cve-2022-22976-bcrypt-skips-salt • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 90%CPEs: 7EXPL: 6CVE-2022-22978 – springframework: Authorization Bypass in RegexRequestMatcher
https://notcve.org/view.php?id=CVE-2022-22978
19 May 2022 — In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass. En las versiones 5.5.6 y 5.6.3 de Spring Security y en versiones anteriores no soportadas, RegexRequestMatcher puede ser fácilmente configurado de forma incorrecta para ser evitado en algunos contenedo... • https://github.com/DeEpinGh0st/CVE-2022-22978 • CWE-863: Incorrect Authorization CWE-1220: Insufficient Granularity of Access Control •
CVSS: 7.5EPSS: 7%CPEs: 5EXPL: 1CVE-2021-22119 – spring-security: Denial-of-Service (DoS) attack via initiation of Authorization Request
https://notcve.org/view.php?id=CVE-2021-22119
29 Jun 2021 — Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or attacker can send multiple requests initiating the Authorization Request for the Authorization Code Grant, which has the potential of exhausting system resources using a single session or multiple sessions. Spring Security ... • https://github.com/mari6274/oauth-client-exploit • CWE-400: Uncontrolled Resource Consumption CWE-863: Incorrect Authorization •
CVSS: 9.0EPSS: 1%CPEs: 11EXPL: 0CVE-2021-22112
https://notcve.org/view.php?id=CVE-2021-22112
23 Feb 2021 — Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application. ... • http://www.openwall.com/lists/oss-security/2021/02/19/7 •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2020-5408 – Dictionary attack with Spring Security queryable text encryptor
https://notcve.org/view.php?id=CVE-2020-5408
14 May 2020 — Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has been encrypted using such an encryptor may be able to derive the unencrypted values using a dictionary attack. Spring Security versiones 5.3.x anteriores a 5.3.2, versiones 5.2.x anteriores a 5.2.4, versiones 5.1.x... • https://tanzu.vmware.com/security/cve-2020-5408 • CWE-329: Generation of Predictable IV with CBC Mode CWE-330: Use of Insufficiently Random Values •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-5407 – Signature Wrapping Vulnerability with spring-security-saml2-service-provider
https://notcve.org/view.php?id=CVE-2020-5407
13 May 2020 — Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 contain a signature wrapping vulnerability during SAML response validation. When using the spring-security-saml2-service-provider component, a malicious user can carefully modify an otherwise valid SAML response and append an arbitrary assertion that Spring Security will accept as valid. Spring Security versiones 5.2.x anteriores a 5.2.4 y versiones 5.3.x anteriores a 5.3.2, contienen una vulnerabilidad de empaquetado de firma durante la... • https://lists.apache.org/thread.html/r73af928cf64bebf78b7fa4bc56a5253273ec7829f5f5827f64c72fc7%40%3Cissues.servicemix.apache.org%3E • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-11272 – PlaintextPasswordEncoder authenticates encoded passwords that are null
https://notcve.org/view.php?id=CVE-2019-11272
26 Jun 2019 — Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null encoded password, a malicious user (or attacker) can authenticate using a password of "null". Spring Security, versiones 4.2.x hasta 4.2.12, y versiones anteriores no compatibles admiten contraseñas de texto sin formato mediante PlaintextPasswordEnco... • https://lists.debian.org/debian-lts-announce/2019/07/msg00008.html • CWE-287: Improper Authentication CWE-305: Authentication Bypass by Primary Weakness CWE-522: Insufficiently Protected Credentials •
CVSS: 5.3EPSS: 2%CPEs: 4EXPL: 0CVE-2019-3795 – Insecure Randomness When Using a SecureRandom Instance Constructed by Spring Security
https://notcve.org/view.php?id=CVE-2019-3795
09 Apr 2019 — Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make the resulting random material available to an attacker for inspection. Las versiones 4.2.x de Spring Security anteriores a 4.2.12, 5.0.x anteriores a 5.0.12 y 5.1.x anteriores a 5.1.5 contienen una vulnerabilidad d... • http://www.securityfocus.com/bid/107802 • CWE-330: Use of Insufficiently Random Values •
CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 0CVE-2018-1199 – spring-framework: Improper URL path validation allows for bypassing of security checks on static resources
https://notcve.org/view.php?id=CVE-2018-1199
16 Mar 2018 — Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3) does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path par... • https://access.redhat.com/errata/RHSA-2018:2405 • CWE-20: Improper Input Validation •