Privilege Escalation Affecting org.springframework.security:spring-security-core package, versions [5.4.0, 5.4.4) [5.3.0.RELEASE, 5.3.8.RELEASE) [,5.2.9.RELEASE)
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JAVA-ORGSPRINGFRAMEWORKSECURITY-1078232
- published 21 Feb 2021
- disclosed 21 Feb 2021
- credit Unknown
Introduced: 21 Feb 2021
CVE-2021-22112 Open this link in a new tabHow to fix?
Upgrade org.springframework.security:spring-security-core to version 5.4.4, 5.3.8.RELEASE, 5.2.9.RELEASE or higher.
Overview
org.springframework.security:spring-security-core is a package that provides security services for the Spring IO Platform.
Affected versions of this package are vulnerable to Privilege Escalation. It fails to save the SecurityContext if it has changed more than once in a single request. The SecurityContext can fail to save to the HttpSession if a developer changes the SecurityContext twice in a single request when both of the following conditions are met: First the developer must change the SecurityContext before the HttpResponse is committed and then the HttpResponse must be committed before the SecurityContextPersistenceFilter completes. Then the developer must attempt to change the SecurityContext again before the SecurityContextPersistenceFilter completes. A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application.