Description
Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows attackers to gain privileges via a crafted thread.
Remediation
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677814
http://secunia.com/advisories/55155
http://support.springsource.com/security/cve-2011-2731
http://www.securitytracker.com/id/1029151