CVE-2011-2731

CWE-362 — Race Condition6 documents6 sources

Severity

5.1MEDIUM

EPSS

0.2%

top 54.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Springsource Spring Security

Timeline

PublishedDec 5

Latest updateMay 17

Description

Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows attackers to gain privileges via a crafted thread.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages2 packages

▶NVDvmware/springsource_spring_security2.0.6+12

▶Mavenorg.springframework.security:spring-security-core3.0.0 — 3.0.6+1

🔴Vulnerability Details

GHSA

Concurrent Execution using Shared Resource with Improper Synchronization in Spring Security↗2022-05-17

▶

OSV

Concurrent Execution using Shared Resource with Improper Synchronization in Spring Security↗2022-05-17

▶

CVEList

CVE-2011-2731: Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2↗2012-12-05

▶

📋Vendor Advisories

Red Hat

Security: Privilege escalation by using RunAsManager mechanism↗2011-09-09

▶

💬Community

Bugzilla

CVE-2011-2731 Spring Security: Privilege escalation by using RunAsManager mechanism↗2011-09-12

▶