CVE-2018-15801

HIGH

Spring Security 5.1.x < 5.1.2 - Authorization Bypass via JWT Issuer Validation

Title source: llm
STIX 2.1

Description

Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation. In order to be impacted, the same private key for an honest issuer and a malicious user must be used when signing JWTs. In that case, a malicious user could fashion signed JWTs with the malicious issuer URL that may be granted for the honest issuer.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_confirm
https://pivotal.io/security/cve-2018-15801

Scores

CVSS v3 7.4
EPSS 0.0012
EPSS Percentile 31.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

CWE
CWE-345
Status published
Products (3)
org.springframework.security/spring-security-core 5.1.0 - 5.1.2Maven
org.springframework.security/spring-security-oauth2-jose 5.1.0 - 5.1.2Maven
vmware/spring_framework 5.1.0 - 5.1.2
Published Dec 19, 2018
Tracked Since Feb 18, 2026