CVE-2018-1258

HIGH8.8EPSS 0.27%

Spring Framework when used in combination with any versions of Spring Security contains an authorization bypass

發布日:2018/10/17修改日:2024/3/14

描述

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.

受影響套件(1)

Maven/org.springframework:spring-core>= 5.0.5.RELEASE, < 5.0.6.RELEASE

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH8.8	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

參考連結(20)

ADVISORYhttps://github.com/advisories/GHSA-cxrj-66c5-9fmh
ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2018-1258
PATCHhttps://github.com/spring-projects/spring-framework
WEBhttps://access.redhat.com/errata/RHSA-2019:2413
WEBhttps://github.com/spring-projects/spring-framework/commit/7b8fa90d96aaf751a3256fa755d5f17e081c20f1
WEBhttps://pivotal.io/security/cve-2018-1258
WEBhttps://security.netapp.com/advisory/ntap-20181018-0002
WEBhttps://web.archive.org/web/20200227032934/http://www.securityfocus.com/bid/104222
WEBhttps://web.archive.org/web/20200807025819/http://www.securitytracker.com/id/1041888
WEBhttps://web.archive.org/web/20200807033751/http://www.securitytracker.com/id/1041896
WEBhttps://www.oracle.com/security-alerts/cpuapr2020.html
WEBhttps://www.oracle.com/security-alerts/cpujan2020.html
WEBhttps://www.oracle.com/security-alerts/cpujan2021.html
WEBhttps://www.oracle.com/security-alerts/cpujul2020.html
WEBhttps://www.oracle.com/security-alerts/cpuoct2021.html
WEBhttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
WEBhttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
WEBhttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
WEBhttp://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
WEBhttp://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html