CVE-2018-15758
Published 2018-10-18

CVE-2018-15758: Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions…
Priority: P349 · Severity: high · Score: 8.1 (CVSS 3.0)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.15% (79.9th percentile)
Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval endpoint that modifies the previously saved authorization request and leads to a privilege escalation on the subsequent approval. This scenario can happen if the application is configured to use a custom approval endpoint that declares AuthorizationRequest as a controller method argument.

This vulnerability exposes applications that meet all of the following requirements: they act in the role of an Authorization Server (e.g. @EnableAuthorizationServer) and use a custom Approval Endpoint that declares AuthorizationRequest as a controller method argument.

This vulnerability does not expose applications that act in the role of an Authorization Server and use the default Approval Endpoint, act in the role of a Resource Server only (e.g. @EnableResourceServer), or act in the role of a Client only (e.g. @EnableOAuthClient).
Affected (9 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pivotal | spring_security_oauth | 2.0 – 2.0.15 | — |
| pivotal | spring_security_oauth | 2.1 – 2.1.2 | — |
| pivotal | spring_security_oauth | 2.2 – 2.2.2 | — |
| pivotal | spring_security_oauth | 2.3 – 2.3.3 | — |
| pivotal_software | spring_security_oauth | <= 1.0.5 | — |
| pivotal_software | spring_security_oauth | >= 2.0.0 < 2.0.16 | 2.0.16 |
| pivotal_software | spring_security_oauth | >= 2.1.0 < 2.1.3 | 2.1.3 |
| pivotal_software | spring_security_oauth | >= 2.2.0 < 2.2.3 | 2.2.3 |
| pivotal_software | spring_security_oauth | >= 2.3.0 < 2.3.4 | 2.3.4 |
CVSS provenance

| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.1 | HIGH | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| vendor_redhat | — | 9.6 | CRITICAL | — |
GHSA
Authorization bypass in org.springframework.security.oauth:spring-security-oauth2
ghsa · 2018-10-19 · CVE-2018-15758 [HIGH] · CWE-269
OSV
Authorization bypass in org.springframework.security.oauth:spring-security-oauth2
osv · 2018-10-19 · CVE-2018-15758 [HIGH]
Red Hat
spring-security-oauth: Privilege escalation by manipulating saved authorization request
vendor_redhat · 2018-10-16 · CVSS 9.6 · CVE-2018-15758 [CRITICAL] · CWE-285
No detection rules found.
No public exploits indexed.
Published: 2018-10-18