CVE-2020-5407 – org.springframework.security:spring-security-core

Package

Manager: maven
Name: org.springframework.security:spring-security-core
Vulnerable Version: >=5.2.0 <5.2.4 || >=5.3.0 <5.3.2

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

EPSS: 0.00665 pctl0.70326

Details

Signature wrapping vulnerability in Spring Security Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 contain a signature wrapping vulnerability during SAML response validation. When using the spring-security-saml2-service-provider component, a malicious user can carefully modify an otherwise valid SAML response and append an arbitrary assertion that Spring Security will accept as valid.

Metadata

Created: 2020-06-05T16:13:29Z
Modified: 2021-06-15T17:44:45Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/06/GHSA-48rw-j489-928m/GHSA-48rw-j489-928m.json
CWE IDs: ["CWE-347"]
Alternative ID: GHSA-48rw-j489-928m
Finding: F163
Auto approve: 1