CVE-2010-3700 – org.springframework.security:spring-security-core
Package
Manager: maven
Name: org.springframework.security:spring-security-core
Vulnerable Version: >=2.0.0 <2.0.6 || >=3.0.0 <3.0.4
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00248 (percentile: 0.47902)
Details
Authentication Bypass Using an Alternate Path or Channel in SpringSource Spring Security and Acegi Security
VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter.
Metadata
Created: 2022-05-14T02:43:11Z
Modified: 2022-07-08T18:48:11Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-3295-h9qx-r82x/GHSA-3295-h9qx-r82x.json
CWE IDs: ["CWE-288"]
Alternative ID: GHSA-3295-h9qx-r82x
Finding: F115
Auto approve: 1