Bug 2162200 (CVE-2022-31690)

Summary: CVE-2022-31690 spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client
Product: [Other] Security Response Reporter: Avinash Hanwate <ahanwate>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: abenaiss, aileenc, alampare, alazarot, asoldano, ataylor, balejosg, bbaranow, bmaxwell, boliveir, brian.stansberry, cdewolf, chazlett, darran.lofthouse, dfreiber, dhanak, dkreling, dosoudil, emingora, fjuma, fmongiar, gjospin, gmalinko, ibek, ivassile, iweiss, janstey, jburrell, jnethert, jpavlik, jpoth, jrokos, jross, jwon, kverlaen, lbacciot, lgao, mnovotny, mokumar, mosmerov, msochure, msvehla, nwallace, pdelbell, pdrozd, peholase, pjindal, pmackay, pskopek, rguimara, rogbas, rrajasek, rstancel, smaestri, sthorger, tcunning, tom.jenkinson, vkumar, yfang
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Spring Security 5.7.5, Spring Security 5.6.9 Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Spring Security framework. Spring Security could allow a remote attacker to gain elevated privileges on the system. By modifying a request initiated by the Client (via the browser) to the Authorization Server, an attacker can gain elevated privileges on the system.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2023-03-16 13:28:32 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2166814    
Bug Blocks: 2162203    

Description Avinash Hanwate 2023-01-19 05:06:27 UTC 
Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client (via the browser) to the Authorization Server which can lead to a privilege escalation on the subsequent approval. This scenario can happen if the Authorization Server responds with an OAuth2 Access Token Response containing an empty scope list (per RFC 6749, Section 5.1) on the subsequent request to the token endpoint to obtain the access token.

https://tanzu.vmware.com/security/cve-2022-31690
https://security.netapp.com/advisory/ntap-20221215-0010/
Comment 5 errata-xmlrpc 2023-03-16 07:57:09 UTC 
This issue has been addressed in the following products:

  Migration Toolkit for Runtimes 1 on RHEL 8

Via RHSA-2023:1285 https://access.redhat.com/errata/RHSA-2023:1285
Comment 6 errata-xmlrpc 2023-03-16 09:31:27 UTC 
This issue has been addressed in the following products:

  Migration Toolkit for Runtimes 1 on RHEL 8

Via RHSA-2023:1286 https://access.redhat.com/errata/RHSA-2023:1286
Comment 7 Product Security DevOps Team 2023-03-16 13:28:28 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-31690
Comment 13 errata-xmlrpc 2023-04-12 11:58:51 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.10

Via RHSA-2023:1655 https://access.redhat.com/errata/RHSA-2023:1655
Comment 14 errata-xmlrpc 2023-04-27 00:48:53 UTC 
This issue has been addressed in the following products:

  MTA-6.1-RHEL-8

Via RHSA-2023:2041 https://access.redhat.com/errata/RHSA-2023:2041