Authorization Bypass Affecting org.springframework.security:spring-security-oauth2-jose package, versions [5.1.0,5.1.2.RELEASE)


Severity

Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.14% (51st percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-JAVA-ORGSPRINGFRAMEWORKSECURITY-72709
  • published20 Dec 2018
  • disclosed13 Nov 2018
  • creditBjörn Bilger

Introduced: 13 Nov 2018

CVE-2018-15801  (opens in a new tab)
CWE-288  (opens in a new tab)

How to fix?

Upgrade org.springframework.security:spring-security-oauth2-jose to version 5.1.2.RELEASE or higher.

Overview

org.springframework.security:spring-security-oauth2-jose provides security services for the Spring IO Platform.

Affected versions of this package are vulnerable to Authorization Bypass via the JWT issuer validator. An attacker could fashion signed JWTs with the malicious issuer URL that may be granted for the honest issue. In order to be impacted, the same private key for an honest issuer and a malicious user must be used when signing JWTs.

CVSS Scores

version 3.1