A flaw was found in Spring Security in combination with Spring Framework versions prior to 5.0.6 contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted. References: https://pivotal.io/security/cve-2018-1258
Created springframework-security tracking bugs for this issue: Affects: fedora-all [bug 1578937]
Updating the flaw description: A flaw was found in Spring Security in combination with Spring Framework version 5.0.5.RELEASE only, contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.
This issue has been addressed in the following products: Red Hat Fuse 7.4.0 Via RHSA-2019:2413 https://access.redhat.com/errata/RHSA-2019:2413