Bug 2162200 (CVE-2022-31690) - CVE-2022-31690 spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client
Summary: CVE-2022-31690 spring-security-oauth2-client: Privilege Escalation in spring-...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-31690
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2166814
Blocks: 2162203
TreeView+ depends on / blocked
 
Reported: 2023-01-19 05:06 UTC by Avinash Hanwate
Modified: 2023-11-13 11:46 UTC (History)
59 users (show)

Fixed In Version: Spring Security 5.7.5, Spring Security 5.6.9
Clone Of:
Environment:
Last Closed: 2023-03-16 13:28:32 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2023:1285 0 None None None 2023-03-16 07:57:12 UTC
Red Hat Product Errata RHSA-2023:1286 0 None None None 2023-03-16 09:31:31 UTC
Red Hat Product Errata RHSA-2023:1655 0 None None None 2023-04-12 11:58:55 UTC
Red Hat Product Errata RHSA-2023:2041 0 None None None 2023-04-27 00:48:56 UTC

Description Avinash Hanwate 2023-01-19 05:06:27 UTC 
Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client (via the browser) to the Authorization Server which can lead to a privilege escalation on the subsequent approval. This scenario can happen if the Authorization Server responds with an OAuth2 Access Token Response containing an empty scope list (per RFC 6749, Section 5.1) on the subsequent request to the token endpoint to obtain the access token.

https://tanzu.vmware.com/security/cve-2022-31690
https://security.netapp.com/advisory/ntap-20221215-0010/
Comment 5 errata-xmlrpc 2023-03-16 07:57:09 UTC 
This issue has been addressed in the following products:

  Migration Toolkit for Runtimes 1 on RHEL 8

Via RHSA-2023:1285 https://access.redhat.com/errata/RHSA-2023:1285
Comment 6 errata-xmlrpc 2023-03-16 09:31:27 UTC 
This issue has been addressed in the following products:

  Migration Toolkit for Runtimes 1 on RHEL 8

Via RHSA-2023:1286 https://access.redhat.com/errata/RHSA-2023:1286
Comment 7 Product Security DevOps Team 2023-03-16 13:28:28 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-31690
Comment 13 errata-xmlrpc 2023-04-12 11:58:51 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.10

Via RHSA-2023:1655 https://access.redhat.com/errata/RHSA-2023:1655
Comment 14 errata-xmlrpc 2023-04-27 00:48:53 UTC 
This issue has been addressed in the following products:

  MTA-6.1-RHEL-8

Via RHSA-2023:2041 https://access.redhat.com/errata/RHSA-2023:2041
Note You need to log in before you can comment on or make changes to this bug.