Description

Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation. In order to be impacted, the same private key for an honest issuer and a malicious user must be used when signing JWTs. In that case, a malicious user could fashion signed JWTs with the malicious issuer URL that may be granted for the honest issuer.

Remediation

References

https://pivotal.io/security/cve-2018-15801

Related Vulnerabilities

CVE-2017-15697 Vulnerability in maven package org.apache.nifi:nifi-web-error

CVE-2022-36900 Vulnerability in maven package com.compuware.jenkins:compuware-zadviser-api

CVE-2020-27838 Vulnerability in maven package org.keycloak:keycloak-client-registration-api

CVE-2022-28156 Vulnerability in maven package com.surenpi.jenkins:phoenix-autotest

CVE-2022-37866 Vulnerability in maven package org.apache.ivy:ivy

Severity

High

Classification

CWE-345 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Vendor Advisory