A vulnerability classified as critical has been found in Spring Security 5.1.0/5.1.1. Affected is some unknown processing of the component JWT Issuer Validation. The manipulation with an unknown input leads to a data authenticity vulnerability. CWE is classifying the issue as CWE-345. The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:

Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation. In order to be impacted, the same private key for an honest issuer and a malicious user must be used when signing JWTs. In that case, a malicious user could fashion signed JWTs with the malicious issuer URL that may be granted for the honest issuer.

The bug was discovered 12/18/2018. The weakness was released 12/19/2018 (Website). The advisory is available at pivotal.io. This vulnerability is traded as CVE-2018-15801 since 08/23/2018. It is possible to launch the attack remotely. Required for exploitation is a authentication. The technical details are unknown and an exploit is not available.

The vulnerability was handled as a non-public zero-day exploit for at least 1 days. During that time the estimated underground price was around $0-$5k.

Upgrading to version 5.1.2 eliminates this vulnerability.

Entries connected to this vulnerability are available at VDB-200384, VDB-200385, VDB-212578 and VDB-212579.

Productinfo

Name

• Spring Security

Version

• 5.1.0
• 5.1.1

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion