In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to
5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8,
versions 6.2.x prior to 6.2.3, an application is possible vulnerable to
broken access control when it directly uses the AuthenticatedVoter#vote passing a null Authentication parameter.
Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-security): 3.1.10
:rescue_worker_helmet: Automatic Remediation will be attempted for this issue.
CVE-2024-22234
### Vulnerable Libraries - spring-security-core-6.1.5.jar, spring-security-web-6.1.5.jar
In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticated(Authentication) method.
Specifically, an application is vulnerable if:
* The application uses AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly and a null authentication parameter is passed to it resulting in an erroneous true return value.
An application is not vulnerable if any of the following is true:
* The application does not use AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly.
* The application does not pass null to AuthenticationTrustResolver.isFullyAuthenticated
* The application only uses isFullyAuthenticated via Method Security https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html or HTTP Request Security https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/security/spring-security-web/6.1.5/spring-security-web-6.1.5.jar
Found in HEAD commit: 554bfed779ba2656f86f83b99096329ab8d6b1e1
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2024-22257
### Vulnerable Library - spring-security-core-6.1.5.jarSpring Security
Library home page: https://spring.io
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/security/spring-security-core/6.1.5/spring-security-core-6.1.5.jar
Dependency Hierarchy: - spring-boot-starter-security-3.1.5.jar (Root Library) - spring-security-config-6.1.5.jar - :x: **spring-security-core-6.1.5.jar** (Vulnerable Library)
Found in HEAD commit: 554bfed779ba2656f86f83b99096329ab8d6b1e1
Found in base branch: main
### Vulnerability DetailsIn Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8, versions 6.2.x prior to 6.2.3, an application is possible vulnerable to broken access control when it directly uses the AuthenticatedVoter#vote passing a null Authentication parameter.
Publish Date: 2024-03-18
URL: CVE-2024-22257
### CVSS 3 Score Details (8.2)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: Low - Availability Impact: None
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://spring.io/security/cve-2024-22257
Release Date: 2024-03-18
Fix Resolution (org.springframework.security:spring-security-core): 6.1.8
Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-security): 3.1.10
:rescue_worker_helmet: Automatic Remediation will be attempted for this issue.
CVE-2024-22234
### Vulnerable Libraries - spring-security-core-6.1.5.jar, spring-security-web-6.1.5.jar### spring-security-core-6.1.5.jar
Spring Security
Library home page: https://spring.io
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/security/spring-security-core/6.1.5/spring-security-core-6.1.5.jar
Dependency Hierarchy: - spring-boot-starter-security-3.1.5.jar (Root Library) - spring-security-config-6.1.5.jar - :x: **spring-security-core-6.1.5.jar** (Vulnerable Library) ### spring-security-web-6.1.5.jar
Spring Security
Library home page: https://spring.io
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/security/spring-security-web/6.1.5/spring-security-web-6.1.5.jar
Dependency Hierarchy: - spring-boot-starter-security-3.1.5.jar (Root Library) - :x: **spring-security-web-6.1.5.jar** (Vulnerable Library)
Found in HEAD commit: 554bfed779ba2656f86f83b99096329ab8d6b1e1
Found in base branch: main
### Vulnerability DetailsIn Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticated(Authentication) method. Specifically, an application is vulnerable if: * The application uses AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly and a null authentication parameter is passed to it resulting in an erroneous true return value. An application is not vulnerable if any of the following is true: * The application does not use AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly. * The application does not pass null to AuthenticationTrustResolver.isFullyAuthenticated * The application only uses isFullyAuthenticated via Method Security https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html or HTTP Request Security https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html
Publish Date: 2024-02-20
URL: CVE-2024-22234
### CVSS 3 Score Details (7.4)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: High - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: None
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://spring.io/security/cve-2024-22234
Release Date: 2024-02-20
Fix Resolution (org.springframework.security:spring-security-core): 6.1.7
Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-security): 3.1.9
Fix Resolution (org.springframework.security:spring-security-web): 6.1.7
Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-security): 3.1.9
:rescue_worker_helmet: Automatic Remediation will be attempted for this issue.:rescue_worker_helmet:Automatic Remediation will be attempted for this issue.