Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdxMjgtaDV2Zy04cHJ4

Privilege escalation in spring security

Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application.

Permalink: https://github.com/advisories/GHSA-gq28-h5vg-8prx
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdxMjgtaDV2Zy04cHJ4
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 2 years ago
Updated: 4 months ago


CVSS Score: 8.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Identifiers: GHSA-gq28-h5vg-8prx, CVE-2021-22112
References:

Affected Packages

maven:org.springframework.security:spring-security-web
Versions: >= 5.3.0, < 5.3.8, >= 5.4.0, < 5.4.4, < 5.2.9
Fixed in: 5.3.8, 5.4.4, 5.2.9
maven:org.springframework.security:spring-security-bom
Versions: < 5.2.9, >= 5.3.0, < 5.3.8, >= 5.4.0, < 5.4.4
Fixed in: 5.2.9, 5.3.8, 5.4.4