CVE-2022-22978
Authorization bypass in Spring Security
Severity: CRITICAL 9.8 | EPSS: 90.2%
Published: 5/20/2022
Modified: 10/4/2024
Description
In Spring Security versions 5.5.6 and 5.5.7 and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.
Affected packages (2)
- Maven / org.springframework.security:spring-security-core: >= 5.5.0, < 5.5.7
- Maven / org.springframework.security:spring-security-web: >= 5.5.0, < 5.5.7
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
References (8)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2022-22978
- PATCH: https://github.com/spring-projects/spring-security
- WEB: https://github.com/anchore/grype/issues/2158
- WEB: https://github.com/spring-projects/spring-security/blob/main/web/src/main/java/org/springframework/security/web/util/matcher/RegexRequestMatcher.java
- WEB: https://security.netapp.com/advisory/ntap-20220707-0003
- WEB: https://spring.io/security/cve-2022-22978
- WEB: https://tanzu.vmware.com/security/cve-2022-22978
- WEB: https://www.oracle.com/security-alerts/cpujul2022.html