Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation. In order to be impacted, the same private key for an honest issuer and a malicious user must be used when signing JWTs. In that case, a malicious user could fashion signed JWTs with the malicious issuer URL that may be granted for the honest issuer.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| org.springframework.security:spring-security-core(Maven) | 5.1.0 | 5.1.2 | N/A |
| org.springframework.security:spring-security-oauth2-jose(Maven) | 5.1.0 | 5.1.2 | N/A |
CVSS Metrics
