Bug 2270158 (CVE-2024-22257)

Summary: CVE-2024-22257 spring-security: Broken Access Control With Direct Use of AuthenticatedVoter
Product: [Other] Security Response Reporter: Pedro Sampaio <psampaio>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: abrianik, aileenc, asatyam, ataylor, boliveir, chazlett, chfoley, cmiranda, dfreiber, dhanak, diagrawa, dpalmer, drichtar, ecerquei, fmariani, ggrzybek, gmalinko, ibek, janstey, jburrell, jkoops, jpoth, jrokos, jscholz, kaycoth, kverlaen, mnovotny, mulliken, owatkins, parichar, pcongius, pdelbell, pdrozd, peholase, pesilva, pjindal, pskopek, rguimara, rmartinc, rogbas, rowaters, rstepani, sabiswas, sdawley, sthorger, swoodman, tasato, tcunning, vkumar, yfang
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: spring-security-core 5.7.12, spring-security-core 5.8.11, spring-security-core 6.0.10, spring-security-core 6.1.8, spring-security-core 6.2.3 Doc Type: ---
Doc Text:
A broken access control flaw was found in Spring Security. Applications may be vulnerable when directly using the AuthenticatedVoter#vote passing a NULL authentication parameter.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2270161    

Description Pedro Sampaio 2024-03-18 17:47:45 UTC 
In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 
5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8, 
versions 6.2.x prior to 6.2.3, an application is possible vulnerable to 
broken access control when it directly uses the AuthenticatedVoter#vote passing a null Authentication parameter.

References:

https://spring.io/security/cve-2024-22257