Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2014-3527

UNKNOWN
Published 2017-05-25T17:00:00
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2014-3527. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

When using the CAS Proxy ticket authentication from Spring Security 3.1 to 3.2.4 a malicious CAS Service could trick another CAS Service into authenticating a proxy ticket that was not associated. This is due to the fact that the proxy ticket authentication uses the information from the HttpServletRequest which is populated based upon untrusted information within the HTTP request. This means if there are access control restrictions on which CAS services can authenticate to one another, those restrictions can be bypassed. If users are not using CAS Proxy tickets and not basing access control decisions based upon the CAS Service, then there is no impact to users.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Pivotal

Spring Security

Affected Versions:

3.1 to 3.2.4

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed CRITICAL

Authorization Bypass in Spring Security

GHSA-wmv4-5w76-vp9g

Advisory Details

When using Spring Security's CAS Proxy ticket authentication a malicious CAS Service could trick another CAS Service into authenticating a proxy ticket that was not associated. This is due to the fact that the proxy ticket authentication uses the information from the HttpServletRequest which is populated based upon untrusted information within the HTTP request. This means if there are access control restrictions on which CAS services can authenticate to one another, those restrictions can be bypassed. If users are not using CAS Proxy tickets and not basing access control decisions based upon the CAS Service, then there is no impact to users. ## Mitigation Users of affected versions should apply the following mitigation: - Users of 3.2x should upgrade to 3.2.5 or later - Users of 3.1.x should upgrade to 3.1.7 or later ## Credit This issue was identified by David Ohsie and brought to our attention by the CAS Development team.

Affected Packages

Maven org.springframework.security:spring-security-core
ECOSYSTEM: ≥0 <3.1.7
Maven org.springframework.security:spring-security-core
ECOSYSTEM: ≥3.2.0 <3.2.5

CVSS Scoring

CVSS Score

9.0

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2014-3527
WEB https://github.com/spring-projects/spring-security/issues/2907
WEB https://github.com/spring-projects/spring-security/commit/934937d9c1dc20c396b96c08310b72cfa627acb
WEB https://github.com/spring-projects/spring-security
WEB https://pivotal.io/security/cve-2014-3527

Advisory provided by GitHub Security Advisory Database. Published: September 15, 2020, Modified: April 16, 2024

References

https://pivotal.io/security/cve-2014-3527
Published: 2017-05-25T17:00:00
Last Modified: 2024-08-06T10:50:16.372Z
Copied to clipboard!