GHSA-gcgw-q47m-prvj – com.sap.cloud.security:spring-security

Package

Manager: maven
Name: com.sap.cloud.security:spring-security
Vulnerable Version: <0

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CVSS v4.0: N/A

EPSS: N/A pctlN/A

Details

Duplicate Advisory: Improper JWT Signature Validation in SAP Security Services Library ## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-59c9-pxq8-9c73. This link is maintained to preserve external references. ## Original Description SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library) - versions below 2.17.0 and versions from 3.0.0 to before 3.3.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.

Metadata

Created: 2023-12-12T03:31:45Z
Modified: 2024-09-30T18:52:44Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/12/GHSA-gcgw-q47m-prvj/GHSA-gcgw-q47m-prvj.json
CWE IDs: ["CWE-269", "CWE-639", "CWE-749"]
Alternative ID: N/A
Finding: N/A
Auto approve: 0