Cross-Site Request Forgery Vulnerability in Spring Framework by Pivotal
CVE-2015-5258
8.8 HIGH
Summary
The Spring Framework is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability that can allow an attacker to perform unauthorized actions on behalf of an authenticated user without the user's knowledge. This occurs when an attacker tricks a user into submitting a malicious request via the web browser, potentially compromising sensitive data or changing the user's account settings. Users should ensure they have updated to version 1.1.3 or higher to mitigate this risk.
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved