Description

Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation. In order to be impacted, the same private key for an honest issuer and a malicious user must be used when signing JWTs. In that case, a malicious user could fashion signed JWTs with the malicious issuer URL that may be granted for the honest issuer.

Remediation

References

https://pivotal.io/security/cve-2018-15801

Related Vulnerabilities

CVE-2023-5720 Vulnerability in maven package io.quarkus:quarkus-project

CVE-2019-10429 Vulnerability in maven package org.jenkins-ci.plugins:gitlab-logo

CVE-2022-25312 Vulnerability in maven package org.apache.any23:apache-any23

CVE-2021-21608 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2022-43418 Vulnerability in maven package org.jenkins-ci.plugins:katalon

Severity

High

Classification

CWE-345 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Vendor Advisory