Remote Code Execution Vulnerability in Spring Security OAuth by Pivotal
CVE-2018-1260
9.8 CRITICAL
What is CVE-2018-1260?
Spring Security OAuth contains a vulnerability in its handling of authorization requests. An attacker who crafts a malicious authorization request to the authorization endpoint can achieve remote code execution when the resource owner is redirected to the approval endpoint. The issue affects multiple Spring Security OAuth release lines, including unsupported ones, and poses a serious risk to applications that rely on this framework.
Affected Version(s)
Spring Security OAuth 2.3 prior to 2.3.3; 2.2 prior to 2.2.2; 2.1 prior to 2.1.2; 2.0 prior to 2.0.15
EPSS Score
8% chance of being exploited in the next 30 days.
CVSS V3.1
Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
