CVE-2018-1258
Description
Spring Framework version 5.0.5, when used in combination with any version of Spring Security, contains an authorization bypass when using method security. An unauthorized malicious user can gain access to methods that should be restricted.
CWE
- (none)
Affected
- Pivotal / Spring Framework — v=5.0.5 [affected]
CVSS
- (none)
References
- http://www.securityfocus.com/bid/104222 vdb-entry, x_refsource_BID
- http://www.securitytracker.com/id/1041888 vdb-entry, x_refsource_SECTRACK
- http://www.securitytracker.com/id/1041896 vdb-entry, x_refsource_SECTRACK
- https://access.redhat.com/errata/RHSA-2019:2413 vendor-advisory, x_refsource_REDHAT
- https://www.oracle.com/security-alerts/cpuapr2020.html x_refsource_MISC
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html x_refsource_CONFIRM
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html x_refsource_CONFIRM
- https://www.oracle.com/security-alerts/cpujul2020.html x_refsource_MISC
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html x_refsource_CONFIRM
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html x_refsource_MISC
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html x_refsource_MISC
- https://www.oracle.com/security-alerts/cpujan2020.html x_refsource_MISC
- https://security.netapp.com/advisory/ntap-20181018-0002/ x_refsource_CONFIRM
- https://pivotal.io/security/cve-2018-1258 x_refsource_CONFIRM
- https://www.oracle.com/security-alerts/cpujan2021.html x_refsource_MISC
- https://www.oracle.com/security-alerts/cpuoct2021.html x_refsource_MISC
Source
cvelistV5-main/cves/2018/1xxx/CVE-2018-1258.json