Authorization bypass in Spring Security

GHSA-hh32-7344-cg2f · CVE-2022-22978

Published May 20, 2022 · Modified Oct 4, 2024

Description

In Spring Security versions 5.5.6 and 5.5.7 and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with . in the regular expression are possibly vulnerable to an authorization bypass.

References

9.8 / 10

CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Packages

Maven/org.springframework.security:spring-security-core

Fix 5.4.11, 5.5.7, 5.6.4

Introduced 0, 5.5.0, 5.6.0

155 affected versions

2.0.02.0.12.0.22.0.32.0.42.0.5.RELEASE2.0.6.RELEASE2.0.7.RELEASE2.0.8.RELEASE3.0.0.RELEASE3.0.1.RELEASE3.0.2.RELEASE3.0.3.RELEASE3.0.4.RELEASE3.0.5.RELEASE3.0.6.RELEASE3.0.7.RELEASE3.0.8.RELEASE3.1.0.RELEASE3.1.1.RELEASE +135 more

Maven/org.springframework.security:spring-security-web

Fix 5.4.11, 5.5.7, 5.6.4

Introduced 0, 5.5.0, 5.6.0

146 affected versions

3.0.0.RELEASE3.0.1.RELEASE3.0.2.RELEASE3.0.3.RELEASE3.0.4.RELEASE3.0.5.RELEASE3.0.6.RELEASE3.0.7.RELEASE3.0.8.RELEASE3.1.0.RELEASE3.1.1.RELEASE3.1.2.RELEASE3.1.3.RELEASE3.1.4.RELEASE3.1.5.RELEASE3.1.6.RELEASE3.1.7.RELEASE3.2.0.RELEASE3.2.1.RELEASE3.2.10.RELEASE +126 more

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes