Bug 1578582 (CVE-2018-1258)
| Summary: | CVE-2018-1258 spring-security-core: Unauthorized Access with Spring Security Method Security | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Laura Pardo <lpardo> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | bmcclain, chazlett, dblechte, drieden, eedri, gmalinko, hghasemb, janstey, java-sig-commits, lsurette, mgoldboi, mhicks, michal.skrivanek, pdelbell, puntogil, Rhev-m-bugs, rstepani, sbonazzo, sgordon, sherold, srevivo, ykaul |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | spring-framework 5.0.6 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-06-10 10:23:02 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1578937 | ||
| Bug Blocks: | 1578941 | ||
|
Description
Laura Pardo
2018-05-15 22:23:19 UTC
Created springframework-security tracking bugs for this issue: Affects: fedora-all [bug 1578937] Updating the flaw description: A flaw was found in Spring Security in combination with Spring Framework version 5.0.5.RELEASE only, contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted. This issue has been addressed in the following products: Red Hat Fuse 7.4.0 Via RHSA-2019:2413 https://access.redhat.com/errata/RHSA-2019:2413 |