WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2019-11272 Vulnerability in maven package org.springframework.security:spring-security-core

Description

Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null encoded password, a malicious user (or attacker) can authenticate using a password of "null".

Remediation

References

https://lists.debian.org/debian-lts-announce/2019/07/msg00008.html

https://pivotal.io/security/cve-2019-11272

Related Vulnerabilities

CVE-2022-4111 Vulnerability in npm package tooljet

CVE-2023-31206 Vulnerability in maven package org.apache.inlong:manager-dao

CVE-2020-28278 Vulnerability in npm package shvl

CVE-2021-30179 Vulnerability in maven package org.apache.dubbo:dubbo

CVE-2020-11990 Vulnerability in npm package cordova-plugin-camera

Severity

High

Classification

CWE-522 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Tags

Mailing List Third Party Advisory Vendor Advisory