org.springframework.security:spring-security-core@3.1.2.RELEASE vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.springframework.security:spring-security-core package. This does not include vulnerabilities belonging to this package’s dependencies.

  • Improper Access Control (High severity)

org.springframework.security:spring-security-core is a package that provides security services for the Spring IO Platform.

Affected versions of this package are vulnerable to Improper Access Control when the application uses AuthenticatedVoter directly and a null authentication parameter is passed to it. Exploiting this vulnerability results in an erroneous true return value.

Note:

Users are not affected if:

  1. The application does not use AuthenticatedVoter#vote directly.

  2. The application does not pass null to AuthenticatedVoter#vote.

How to fix Improper Access Control?

Upgrade org.springframework.security:spring-security-core to version 5.7.12, 5.8.11, 6.0.10, 6.1.8, 6.2.3 or higher.

Vulnerable versions: [,5.7.12) [5.8.0,5.8.11) [6.0.0,6.0.10) [6.1.0,6.1.8) [6.2.0,6.2.3)
  • Integer Overflow or Wraparound (Medium severity)

org.springframework.security:spring-security-core is a package that provides security services for the Spring IO Platform.

Affected versions of this package are vulnerable to Integer Overflow or Wraparound when using the BCrypt class with the maximum work factor (31). In such a case, the encoder does not perform any salt rounds due to the overflow.

Note:

The default settings are not affected by this CVE.

How to fix Integer Overflow or Wraparound?

Upgrade org.springframework.security:spring-security-core to version 5.4.11 or higher.

Vulnerable versions: [3.1.0.RELEASE,5.4.11)
  • Privilege Escalation (Medium severity)

org.springframework.security:spring-security-core is a package that provides security services for the Spring IO Platform.

Affected versions of this package are vulnerable to Privilege Escalation. It fails to save the SecurityContext if it has changed more than once in a single request. The SecurityContext can fail to save to the HttpSession if a developer changes the SecurityContext twice in a single request when both of the following conditions are met:

  1. The developer changes the SecurityContext before the HttpResponse is committed, and the HttpResponse is then committed before the SecurityContextPersistenceFilter completes.

  2. The developer then attempts to change the SecurityContext again before the SecurityContextPersistenceFilter completes.

A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application.

How to fix Privilege Escalation?

Upgrade org.springframework.security:spring-security-core to version 5.4.4, 5.3.8.RELEASE, 5.2.9.RELEASE or higher.

Vulnerable versions: [5.4.0,5.4.4) [5.3.0.RELEASE,5.3.8.RELEASE) [,5.2.9.RELEASE)
  • Authentication Bypass (High severity)

org.springframework.security:spring-security-core is a package that provides security services for the Spring IO Platform.

Affected versions of this package are vulnerable to Authentication Bypass. The ActiveDirectoryLdapAuthenticator does not check the password length. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password.

How to fix Authentication Bypass?

Upgrade org.springframework.security:spring-security-core to version 3.2.2.RELEASE, 3.1.6.RELEASE or higher.

Vulnerable versions: [3.2.0.RELEASE,3.2.2.RELEASE) [3.1.0.RELEASE,3.1.6.RELEASE)
  • Information Exposure (Medium severity)

org.springframework.security:spring-security-core is a package that provides security services for the Spring IO Platform.

Affected versions of this package are vulnerable to Information Exposure. DaoAuthenticationProvider in VMware SpringSource Spring Security does not check the password if the user is not found, which makes the response delay shorter and might allow remote attackers to enumerate valid usernames via a series of login requests.

How to fix Information Exposure?

Upgrade org.springframework.security:spring-security-core to version 2.0.8.RELEASE, 3.0.8.RELEASE, 3.1.3.RELEASE or higher.

Vulnerable versions: [,2.0.8.RELEASE) [3.0.0.RELEASE,3.0.8.RELEASE) [3.1.0.RELEASE,3.1.3.RELEASE)