Incorrect Authorization
CVE-2022-31692
Summary
Spring Security, versions 5.7.x prior to 5.7.5, and 5.6.x prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: The application expects that Spring Security applies security to forward and include dispatcher types. The application uses the AuthorizationFilter either manually or via the "authorizeHttpRequests()" method. The application configures the FilterChainProxy to apply to forward and/or include requests (e.g. spring.security.filter.dispatcher-types = request, error, async, forward, include). The application may forward or include the request to a higher privilege-secured endpoint. The application configures Spring Security to apply to every dispatcher type via "authorizeHttpRequests().shouldFilterAllDispatcherTypes(true)".
- LOW
- NETWORK
- HIGH
- UNCHANGED
- NONE
- NONE
- HIGH
- HIGH
CWE-863 - Incorrect Authorization
Authorization is a security mechanism performed by an application to grant or deny access to the requested resources by verifying the privileges of the user. When an application lacks effective authorization mechanisms, it enables unauthorized users to gain unintended privileges and illegitimate access to resources. Such a vulnerability may result in exposure of sensitive information, denial of service, arbitrary code execution, and complete system takeover.
References
Advisory Timeline
- Published