GHSA-mmmh-wcxm-2wr4

Suggest an improvement
Source
https://github.com/advisories/GHSA-mmmh-wcxm-2wr4
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-mmmh-wcxm-2wr4/GHSA-mmmh-wcxm-2wr4.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-mmmh-wcxm-2wr4
Aliases
Published
2022-11-01T12:00:37Z
Modified
2024-02-17T05:36:01.522714Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Spring Security authorization rules can be bypassed via forward or include dispatcher types
Details

Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: The application expects that Spring Security applies security to forward and include dispatcher types. The application uses the AuthorizationFilter either manually or via the authorizeHttpRequests() method. The application configures the FilterChainProxy to apply to forward and/or include requests (e.g. spring.security.filter.dispatcher-types = request, error, async, forward, include). The application may forward or include the request to a higher privilege-secured endpoint.The application configures Spring Security to apply to every dispatcher type via authorizeHttpRequests().shouldFilterAllDispatcherTypes(true)

Database specific
{
    "nvd_published_at": "2022-10-31T20:15:00Z",
    "cwe_ids": [
        "CWE-863"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2022-11-01T19:00:59Z"
}
References

Affected packages

Maven / org.springframework.security:spring-security-core

Package

Name
org.springframework.security:spring-security-core
View open source insights on deps.dev
Purl
pkg:maven/org.springframework.security/spring-security-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.7.0
Fixed
5.7.5

Affected versions

5.*

5.7.0
5.7.1
5.7.2
5.7.3
5.7.4

Maven / org.springframework.security:spring-security-core

Package

Name
org.springframework.security:spring-security-core
View open source insights on deps.dev
Purl
pkg:maven/org.springframework.security/spring-security-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.6.0
Fixed
5.6.9

Affected versions

5.*

5.6.0
5.6.1
5.6.2
5.6.3
5.6.4
5.6.5
5.6.6
5.6.7
5.6.8