Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2018-15758
Vulnerability from cvelistv5
Published
2018-10-18 22:00
Modified
2024-09-17 01:16
Severity ?
EPSS score ?
0.40%
(0.5807)
Summary
Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval endpoint that can modify the previously saved authorization request and lead to a privilege escalation on the subsequent approval. This scenario can happen if the application is configured to use a custom approval endpoint that declares AuthorizationRequest as a controller method argument. This vulnerability exposes applications that meet all of the following requirements: Act in the role of an Authorization Server (e.g. @EnableAuthorizationServer) and use a custom Approval Endpoint that declares AuthorizationRequest as a controller method argument. This vulnerability does not expose applications that: Act in the role of an Authorization Server and use the default Approval Endpoint, act in the role of a Resource Server only (e.g. @EnableResourceServer), act in the role of a Client only (e.g. @EnableOAuthClient).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | http://www.securityfocus.com/bid/105687 | Third Party Advisory, VDB Entry | |
| security_alert@emc.com | https://access.redhat.com/errata/RHSA-2019:2413 | ||
| security_alert@emc.com | https://pivotal.io/security/cve-2018-15758 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105687 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:2413 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://pivotal.io/security/cve-2018-15758 | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pivotal | Spring Security OAuth |
Version: 2.3 < Version: 2.2 < Version: 2.1 < Version: 2.0 < |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T10:01:54.565Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://pivotal.io/security/cve-2018-15758", }, { name: "105687", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/105687", }, { name: "RHSA-2019:2413", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:2413", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Spring Security OAuth", vendor: "Pivotal", versions: [ { lessThanOrEqual: "2.3.3", status: "affected", version: "2.3", versionType: "custom", }, { lessThanOrEqual: "2.2.2", status: "affected", version: "2.2", versionType: "custom", }, { lessThanOrEqual: "2.1.2", status: "affected", version: "2.1", versionType: "custom", }, { lessThanOrEqual: "2.0.15", status: "affected", version: "2.0", versionType: "custom", }, ], }, ], datePublic: "2018-10-16T00:00:00", descriptions: [ { lang: "en", value: "Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval endpoint that can modify the previously saved authorization request and lead to a privilege escalation on the subsequent approval. This scenario can happen if the application is configured to use a custom approval endpoint that declares AuthorizationRequest as a controller method argument. This vulnerability exposes applications that meet all of the following requirements: Act in the role of an Authorization Server (e.g. @EnableAuthorizationServer) and use a custom Approval Endpoint that declares AuthorizationRequest as a controller method argument. This vulnerability does not expose applications that: Act in the role of an Authorization Server and use the default Approval Endpoint, act in the role of a Resource Server only (e.g. @EnableResourceServer), act in the role of a Client only (e.g. @EnableOAuthClient).", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Improper Privilege Management", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-08-08T12:06:04", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://pivotal.io/security/cve-2018-15758", }, { name: "105687", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/105687", }, { name: "RHSA-2019:2413", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:2413", }, ], source: { discovery: "UNKNOWN", }, title: "Privilege Escalation in spring-security-oauth2", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@dell.com", DATE_PUBLIC: "2018-10-16T07:00:00.000Z", ID: "CVE-2018-15758", STATE: "PUBLIC", TITLE: "Privilege Escalation in spring-security-oauth2", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Spring Security OAuth", version: { version_data: [ { affected: "<=", version_affected: "<=", version_name: "2.3", version_value: "2.3.3", }, { affected: "<=", version_affected: "<=", version_name: "2.2", version_value: "2.2.2", }, { affected: "<=", version_affected: "<=", version_name: "2.1", version_value: "2.1.2", }, { affected: "<=", version_affected: "<=", version_name: "2.0", version_value: "2.0.15", }, ], }, }, ], }, vendor_name: "Pivotal", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval endpoint that can modify the previously saved authorization request and lead to a privilege escalation on the subsequent approval. This scenario can happen if the application is configured to use a custom approval endpoint that declares AuthorizationRequest as a controller method argument. This vulnerability exposes applications that meet all of the following requirements: Act in the role of an Authorization Server (e.g. @EnableAuthorizationServer) and use a custom Approval Endpoint that declares AuthorizationRequest as a controller method argument. This vulnerability does not expose applications that: Act in the role of an Authorization Server and use the default Approval Endpoint, act in the role of a Resource Server only (e.g. @EnableResourceServer), act in the role of a Client only (e.g. @EnableOAuthClient).", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Improper Privilege Management", }, ], }, ], }, references: { reference_data: [ { name: "https://pivotal.io/security/cve-2018-15758", refsource: "CONFIRM", url: "https://pivotal.io/security/cve-2018-15758", }, { name: "105687", refsource: "BID", url: "http://www.securityfocus.com/bid/105687", }, { name: "RHSA-2019:2413", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:2413", }, ], }, source: { discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2018-15758", datePublished: "2018-10-18T22:00:00Z", dateReserved: "2018-08-23T00:00:00", dateUpdated: "2024-09-17T01:16:40.202Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2018-15758\",\"sourceIdentifier\":\"security_alert@emc.com\",\"published\":\"2018-10-18T22:29:00.537\",\"lastModified\":\"2024-11-21T03:51:24.913\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval endpoint that can modify the previously saved authorization request and lead to a privilege escalation on the subsequent approval. This scenario can happen if the application is configured to use a custom approval endpoint that declares AuthorizationRequest as a controller method argument. This vulnerability exposes applications that meet all of the following requirements: Act in the role of an Authorization Server (e.g. @EnableAuthorizationServer) and use a custom Approval Endpoint that declares AuthorizationRequest as a controller method argument. This vulnerability does not expose applications that: Act in the role of an Authorization Server and use the default Approval Endpoint, act in the role of a Resource Server only (e.g. @EnableResourceServer), act in the role of a Client only (e.g. @EnableOAuthClient).\"},{\"lang\":\"es\",\"value\":\"Spring Security OAuth, en versiones 2.3 anteriores a la 2.3.4, versiones 2.2 anteriores a la 2.2.3, versiones 2.1 anteriores a la 2.1.3, versiones 2.0 anteriores a la 2.0.16 y versiones anteriores no soportadas, podría ser susceptible a un escalado de privilegios bajo ciertas condiciones. Un usuario o atacante malicioso puede manipular una petición al endpoint de aprobación que puede modificar la petición de autorización anteriormente guardada y conducir a un escalado de privilegios en la siguiente aprobación. Este escenario puede ocurrir si la aplicación se configura para emplear un endpoint de aprobación personalizado que declara AuthorizationRequest como argumento del método del controlador. Esta vulnerabilidad expone las aplicaciones que cumplen con todos estos requisitos: Actuar en nombre de un servidor de autorización (@EnableAuthorizationServer) y emplear un endpoint de aprobación personalizado que declara AuthorizationRequest como argumento del método del controlador. Esta vulnerabilidad no expone aplicaciones que: Actúan en el rol de un servidor de autorización y emplean el endpoint de aprobación por defecto, actúan solo en el rol de un servidor de recursos (@EnableResourceServer) o actúan solo en el rol de un cliente (@EnableOAuthClient).\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"security_alert@emc.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N\",\"baseScore\":9.6,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.1,\"impactScore\":5.8},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:spring_security_oauth:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.0.5\",\"matchCriteriaId\":\"9A509469-AEE5-456E-893E-8A9DD20720D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:spring_security_oauth:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0.0\",\"versionEndExcluding\":\"2.0.16\",\"matchCriteriaId\":\"04374D1E-5861-4668-AC33-D90BCDEC995B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:spring_security_oauth:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.1.0\",\"versionEndExcluding\":\"2.1.3\",\"matchCriteriaId\":\"A5470031-AFC1-4EC1-A5AC-940393DA5A00\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:spring_security_oauth:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.2.0\",\"versionEndExcluding\":\"2.2.3\",\"matchCriteriaId\":\"6BDDDBC1-781C-409B-B701-DEC72B11D90B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:spring_security_oauth:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.3.0\",\"versionEndExcluding\":\"2.3.4\",\"matchCriteriaId\":\"075640B9-8D85-4917-BFD5-C0000FB37CFD\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/105687\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2413\",\"source\":\"security_alert@emc.com\"},{\"url\":\"https://pivotal.io/security/cve-2018-15758\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/105687\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2413\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://pivotal.io/security/cve-2018-15758\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]}]}}", }, }
gsd-2018-15758
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval endpoint that can modify the previously saved authorization request and lead to a privilege escalation on the subsequent approval. This scenario can happen if the application is configured to use a custom approval endpoint that declares AuthorizationRequest as a controller method argument. This vulnerability exposes applications that meet all of the following requirements: Act in the role of an Authorization Server (e.g. @EnableAuthorizationServer) and use a custom Approval Endpoint that declares AuthorizationRequest as a controller method argument. This vulnerability does not expose applications that: Act in the role of an Authorization Server and use the default Approval Endpoint, act in the role of a Resource Server only (e.g. @EnableResourceServer), act in the role of a Client only (e.g. @EnableOAuthClient).
Aliases
Aliases
{ GSD: { alias: "CVE-2018-15758", description: "Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval endpoint that can modify the previously saved authorization request and lead to a privilege escalation on the subsequent approval. This scenario can happen if the application is configured to use a custom approval endpoint that declares AuthorizationRequest as a controller method argument. This vulnerability exposes applications that meet all of the following requirements: Act in the role of an Authorization Server (e.g. @EnableAuthorizationServer) and use a custom Approval Endpoint that declares AuthorizationRequest as a controller method argument. This vulnerability does not expose applications that: Act in the role of an Authorization Server and use the default Approval Endpoint, act in the role of a Resource Server only (e.g. @EnableResourceServer), act in the role of a Client only (e.g. @EnableOAuthClient).", id: "GSD-2018-15758", references: [ "https://access.redhat.com/errata/RHSA-2019:2413", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2018-15758", ], details: "Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval endpoint that can modify the previously saved authorization request and lead to a privilege escalation on the subsequent approval. This scenario can happen if the application is configured to use a custom approval endpoint that declares AuthorizationRequest as a controller method argument. This vulnerability exposes applications that meet all of the following requirements: Act in the role of an Authorization Server (e.g. @EnableAuthorizationServer) and use a custom Approval Endpoint that declares AuthorizationRequest as a controller method argument. This vulnerability does not expose applications that: Act in the role of an Authorization Server and use the default Approval Endpoint, act in the role of a Resource Server only (e.g. @EnableResourceServer), act in the role of a Client only (e.g. @EnableOAuthClient).", id: "GSD-2018-15758", modified: "2023-12-13T01:22:23.582288Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "secure@dell.com", DATE_PUBLIC: "2018-10-16T07:00:00.000Z", ID: "CVE-2018-15758", STATE: "PUBLIC", TITLE: "Privilege Escalation in spring-security-oauth2", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Spring Security OAuth", version: { version_data: [ { affected: "<=", version_name: "2.3", version_value: "2.3.3", }, { affected: "<=", version_name: "2.2", version_value: "2.2.2", }, { affected: "<=", version_name: "2.1", version_value: "2.1.2", }, { affected: "<=", version_name: "2.0", version_value: "2.0.15", }, ], }, }, ], }, vendor_name: "Pivotal", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval endpoint that can modify the previously saved authorization request and lead to a privilege escalation on the subsequent approval. This scenario can happen if the application is configured to use a custom approval endpoint that declares AuthorizationRequest as a controller method argument. This vulnerability exposes applications that meet all of the following requirements: Act in the role of an Authorization Server (e.g. @EnableAuthorizationServer) and use a custom Approval Endpoint that declares AuthorizationRequest as a controller method argument. This vulnerability does not expose applications that: Act in the role of an Authorization Server and use the default Approval Endpoint, act in the role of a Resource Server only (e.g. @EnableResourceServer), act in the role of a Client only (e.g. @EnableOAuthClient).", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Improper Privilege Management", }, ], }, ], }, references: { reference_data: [ { name: "https://pivotal.io/security/cve-2018-15758", refsource: "CONFIRM", url: "https://pivotal.io/security/cve-2018-15758", }, { name: "105687", refsource: "BID", url: "http://www.securityfocus.com/bid/105687", }, { name: "RHSA-2019:2413", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:2413", }, ], }, source: { discovery: "UNKNOWN", }, }, "gitlab.com": { advisories: [ { affected_range: "(,1.0.5.RELEASE],[2.0.0.RELEASE,2.0.16.RELEASE),[2.1.0.RELEASE,2.1.3.RELEASE), [2.2.0.RELEASE,2.2.3.RELEASE),[2.3.0.RELEASE,2.3.4.RELEASE)", affected_versions: "All versions up to 1.0.5.RELEASE, all versions starting from 2.0.0.RELEASE before 2.0.16.RELEASE, all versions starting from 2.1.0.RELEASE before 2.1.3.RELEASE, all versions starting from 2.2.0.RELEASE before 2.2.3.RELEASE, all versions starting from 2.3.0.RELEASE before 2.3.4.RELEASE", cvss_v2: "AV:N/AC:M/Au:N/C:P/I:P/A:P", cvss_v3: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", cwe_ids: [ "CWE-1035", "CWE-937", ], date: "2019-10-03", description: "Spring Security OAuth are susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval endpoint that can modify the previously saved authorization request and lead to a privilege escalation on the subsequent approval.", fixed_versions: [ "2.0.16.RELEASE", "2.1.3.RELEASE", "2.2.3.RELEASE", "2.3.4.RELEASE", ], identifier: "CVE-2018-15758", identifiers: [ "CVE-2018-15758", ], not_impacted: "All versions after 1.0.5 before 2.0.0, all versions starting from 2.0.16 before 2.1.0.RELEASE, all versions starting from 2.1.3.RELEASE before 2.2.0.RELEASE, all versions starting from 2.2.3.RELEASE before 2.3.0.RELEASE, all versions starting from 2.3.4.RELEASE", package_slug: "maven/org.springframework.security.oauth/spring-security-oauth2", pubdate: "2018-10-18", solution: "Upgrade to versions 2.0.16.RELEASE, 2.1.3.RELEASE, 2.2.3.RELEASE, 2.3.4.RELEASE or above.", title: "Improper Privilege Management", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2018-15758", "http://www.securityfocus.com/bid/105687", "https://pivotal.io/security/cve-2018-15758", ], uuid: "31e49bfa-4f8f-4f00-9006-14c739ce4120", }, ], }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:pivotal_software:spring_security_oauth:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.0.5", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:pivotal_software:spring_security_oauth:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.3.4", versionStartIncluding: "2.3.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:pivotal_software:spring_security_oauth:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.2.3", versionStartIncluding: "2.2.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:pivotal_software:spring_security_oauth:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.1.3", versionStartIncluding: "2.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:pivotal_software:spring_security_oauth:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2.0.16", versionStartIncluding: "2.0.0", vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "secure@dell.com", ID: "CVE-2018-15758", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval endpoint that can modify the previously saved authorization request and lead to a privilege escalation on the subsequent approval. This scenario can happen if the application is configured to use a custom approval endpoint that declares AuthorizationRequest as a controller method argument. This vulnerability exposes applications that meet all of the following requirements: Act in the role of an Authorization Server (e.g. @EnableAuthorizationServer) and use a custom Approval Endpoint that declares AuthorizationRequest as a controller method argument. This vulnerability does not expose applications that: Act in the role of an Authorization Server and use the default Approval Endpoint, act in the role of a Resource Server only (e.g. @EnableResourceServer), act in the role of a Client only (e.g. @EnableOAuthClient).", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], }, ], }, references: { reference_data: [ { name: "https://pivotal.io/security/cve-2018-15758", refsource: "CONFIRM", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://pivotal.io/security/cve-2018-15758", }, { name: "105687", refsource: "BID", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/105687", }, { name: "RHSA-2019:2413", refsource: "REDHAT", tags: [], url: "https://access.redhat.com/errata/RHSA-2019:2413", }, ], }, }, impact: { baseMetricV2: { cvssV2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", userInteractionRequired: false, }, baseMetricV3: { cvssV3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 5.9, }, }, lastModifiedDate: "2019-10-03T00:03Z", publishedDate: "2018-10-18T22:29Z", }, }, }
fkie_cve-2018-15758
Vulnerability from fkie_nvd
Published
2018-10-18 22:29
Modified
2024-11-21 03:51
Severity ?
9.6 (Critical) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
8.1 (High) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval endpoint that can modify the previously saved authorization request and lead to a privilege escalation on the subsequent approval. This scenario can happen if the application is configured to use a custom approval endpoint that declares AuthorizationRequest as a controller method argument. This vulnerability exposes applications that meet all of the following requirements: Act in the role of an Authorization Server (e.g. @EnableAuthorizationServer) and use a custom Approval Endpoint that declares AuthorizationRequest as a controller method argument. This vulnerability does not expose applications that: Act in the role of an Authorization Server and use the default Approval Endpoint, act in the role of a Resource Server only (e.g. @EnableResourceServer), act in the role of a Client only (e.g. @EnableOAuthClient).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | http://www.securityfocus.com/bid/105687 | Third Party Advisory, VDB Entry | |
| security_alert@emc.com | https://access.redhat.com/errata/RHSA-2019:2413 | ||
| security_alert@emc.com | https://pivotal.io/security/cve-2018-15758 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105687 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:2413 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://pivotal.io/security/cve-2018-15758 | Mitigation, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:pivotal_software:spring_security_oauth:*:*:*:*:*:*:*:*", matchCriteriaId: "9A509469-AEE5-456E-893E-8A9DD20720D9", versionEndIncluding: "1.0.5", vulnerable: true, }, { criteria: "cpe:2.3:a:pivotal_software:spring_security_oauth:*:*:*:*:*:*:*:*", matchCriteriaId: "04374D1E-5861-4668-AC33-D90BCDEC995B", versionEndExcluding: "2.0.16", versionStartIncluding: "2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:pivotal_software:spring_security_oauth:*:*:*:*:*:*:*:*", matchCriteriaId: "A5470031-AFC1-4EC1-A5AC-940393DA5A00", versionEndExcluding: "2.1.3", versionStartIncluding: "2.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:pivotal_software:spring_security_oauth:*:*:*:*:*:*:*:*", matchCriteriaId: "6BDDDBC1-781C-409B-B701-DEC72B11D90B", versionEndExcluding: "2.2.3", versionStartIncluding: "2.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:pivotal_software:spring_security_oauth:*:*:*:*:*:*:*:*", matchCriteriaId: "075640B9-8D85-4917-BFD5-C0000FB37CFD", versionEndExcluding: "2.3.4", versionStartIncluding: "2.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval endpoint that can modify the previously saved authorization request and lead to a privilege escalation on the subsequent approval. This scenario can happen if the application is configured to use a custom approval endpoint that declares AuthorizationRequest as a controller method argument. This vulnerability exposes applications that meet all of the following requirements: Act in the role of an Authorization Server (e.g. @EnableAuthorizationServer) and use a custom Approval Endpoint that declares AuthorizationRequest as a controller method argument. This vulnerability does not expose applications that: Act in the role of an Authorization Server and use the default Approval Endpoint, act in the role of a Resource Server only (e.g. @EnableResourceServer), act in the role of a Client only (e.g. @EnableOAuthClient).", }, { lang: "es", value: "Spring Security OAuth, en versiones 2.3 anteriores a la 2.3.4, versiones 2.2 anteriores a la 2.2.3, versiones 2.1 anteriores a la 2.1.3, versiones 2.0 anteriores a la 2.0.16 y versiones anteriores no soportadas, podría ser susceptible a un escalado de privilegios bajo ciertas condiciones. Un usuario o atacante malicioso puede manipular una petición al endpoint de aprobación que puede modificar la petición de autorización anteriormente guardada y conducir a un escalado de privilegios en la siguiente aprobación. Este escenario puede ocurrir si la aplicación se configura para emplear un endpoint de aprobación personalizado que declara AuthorizationRequest como argumento del método del controlador. Esta vulnerabilidad expone las aplicaciones que cumplen con todos estos requisitos: Actuar en nombre de un servidor de autorización (@EnableAuthorizationServer) y emplear un endpoint de aprobación personalizado que declara AuthorizationRequest como argumento del método del controlador. Esta vulnerabilidad no expone aplicaciones que: Actúan en el rol de un servidor de autorización y emplean el endpoint de aprobación por defecto, actúan solo en el rol de un servidor de recursos (@EnableResourceServer) o actúan solo en el rol de un cliente (@EnableOAuthClient).", }, ], id: "CVE-2018-15758", lastModified: "2024-11-21T03:51:24.913", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", version: "3.0", }, exploitabilityScore: 3.1, impactScore: 5.8, source: "security_alert@emc.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-10-18T22:29:00.537", references: [ { source: "security_alert@emc.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/105687", }, { source: "security_alert@emc.com", url: "https://access.redhat.com/errata/RHSA-2019:2413", }, { source: "security_alert@emc.com", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://pivotal.io/security/cve-2018-15758", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/105687", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2019:2413", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://pivotal.io/security/cve-2018-15758", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
RHSA-2019:2413
Vulnerability from csaf_redhat
Published
2019-08-08 10:08
Modified
2025-03-16 23:57
Summary
Red Hat Security Advisory: Red Hat Fuse 7.4.0 security update
Notes
Topic
A minor version update (from 7.3 to 7.4) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release of Red Hat Fuse 7.4.0 serves as a replacement for Red Hat Fuse 7.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* hazelcast: java deserialization in join cluster procedure leading to remote code execution (CVE-2016-10750)
* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)
* jolokia: system-wide CSRF that could lead to Remote Code Execution (CVE-2018-10899)
* spring-security-oauth: Privilege escalation by manipulating saved authorization request (CVE-2018-15758)
* solr: remote code execution due to unsafe deserialization (CVE-2019-0192)
* thrift: SASL negotiation isComplete validation bypass in the org.apache.thrift.transport.TSaslTransport class (CVE-2018-1320)
* spring-security-core: Unauthorized Access with Spring Security Method Security (CVE-2018-1258)
* wildfly: Race condition on PID file allows for termination of arbitrary processes by local users (CVE-2019-3805)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "A minor version update (from 7.3 to 7.4) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "This release of Red Hat Fuse 7.4.0 serves as a replacement for Red Hat Fuse 7.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* hazelcast: java deserialization in join cluster procedure leading to remote code execution (CVE-2016-10750)\n\n* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)\n\n* jolokia: system-wide CSRF that could lead to Remote Code Execution (CVE-2018-10899)\n\n* spring-security-oauth: Privilege escalation by manipulating saved authorization request (CVE-2018-15758)\n\n* solr: remote code execution due to unsafe deserialization (CVE-2019-0192)\n\n* thrift: SASL negotiation isComplete validation bypass in the org.apache.thrift.transport.TSaslTransport class (CVE-2018-1320)\n\n* spring-security-core: Unauthorized Access with Spring Security Method Security (CVE-2018-1258)\n\n* wildfly: Race condition on PID file allows for termination of arbitrary processes by local users (CVE-2019-3805)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2019:2413", url: "https://access.redhat.com/errata/RHSA-2019:2413", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.fuse&version=7.4.0", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.fuse&version=7.4.0", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/", url: "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/", }, { category: "external", summary: "1548909", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1548909", }, { category: "external", summary: "1578582", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1578582", }, { category: "external", summary: "1601037", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601037", }, { category: "external", summary: "1643048", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1643048", }, { category: "external", summary: "1660263", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1660263", }, { category: "external", summary: "1667204", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1667204", }, { category: "external", summary: "1692345", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1692345", }, { category: "external", summary: "1713215", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1713215", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_2413.json", }, ], title: "Red Hat Security Advisory: Red Hat Fuse 7.4.0 security update", tracking: { current_release_date: "2025-03-16T23:57:22+00:00", generator: { date: "2025-03-16T23:57:22+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2019:2413", initial_release_date: "2019-08-08T10:08:27+00:00", revision_history: [ { date: "2019-08-08T10:08:27+00:00", number: "1", summary: "Initial version", }, { date: "2019-08-08T10:08:27+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-16T23:57:22+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Fuse 7.4.0", product: { name: "Red Hat Fuse 7.4.0", product_id: "Red Hat Fuse 7.4.0", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_fuse:7", }, }, }, ], category: "product_family", name: "Red Hat JBoss Fuse", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2016-10750", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2019-05-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1713215", }, ], notes: [ { category: "description", text: "A flaw was found in the cluster join procedure in Hazelcast. This flaw allows an attacker to gain remote code execution via Java deserialization.", title: "Vulnerability description", }, { category: "summary", text: "hazelcast: java deserialization in join cluster procedure leading to remote code execution", title: "Vulnerability summary", }, { category: "other", text: "The module vertx-hazelcast is not supported in Red Hat OpenShift Application Runtimes (RHOAR) products.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.4.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-10750", }, { category: "external", summary: "RHBZ#1713215", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1713215", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-10750", url: "https://www.cve.org/CVERecord?id=CVE-2016-10750", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-10750", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-10750", }, ], release_date: "2016-04-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-08-08T10:08:27+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.4.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/", product_ids: [ "Red Hat Fuse 7.4.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:2413", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat Fuse 7.4.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "hazelcast: java deserialization in join cluster procedure leading to remote code execution", }, { cve: "CVE-2018-1258", cwe: { id: "CWE-287", name: "Improper Authentication", }, discovery_date: "2018-05-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1578582", }, ], notes: [ { category: "description", text: "Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.", title: "Vulnerability description", }, { category: "summary", text: "spring-security-core: Unauthorized Access with Spring Security Method Security", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.4.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-1258", }, { category: "external", summary: "RHBZ#1578582", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1578582", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-1258", url: "https://www.cve.org/CVERecord?id=CVE-2018-1258", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-1258", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-1258", }, ], release_date: "2018-05-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-08-08T10:08:27+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.4.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/", product_ids: [ "Red Hat Fuse 7.4.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:2413", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat Fuse 7.4.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "spring-security-core: Unauthorized Access with Spring Security Method Security", }, { cve: "CVE-2018-1320", cwe: { id: "CWE-287", name: "Improper Authentication", }, discovery_date: "2019-01-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1667204", }, ], notes: [ { category: "description", text: "Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making the validation incomplete.", title: "Vulnerability description", }, { category: "summary", text: "thrift: SASL negotiation isComplete validation bypass in the org.apache.thrift.transport.TSaslTransport class", title: "Vulnerability summary", }, { category: "other", text: "OpenDaylight:\nOpenDaylight includes libthrift, however does not use the vulnerable functionality. OpenDaylight should be considered not affected by this flaw.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.4.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-1320", }, { category: "external", summary: "RHBZ#1667204", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1667204", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-1320", url: "https://www.cve.org/CVERecord?id=CVE-2018-1320", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-1320", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-1320", }, ], release_date: "2018-03-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-08-08T10:08:27+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.4.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/", product_ids: [ "Red Hat Fuse 7.4.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:2413", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, products: [ "Red Hat Fuse 7.4.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "thrift: SASL negotiation isComplete validation bypass in the org.apache.thrift.transport.TSaslTransport class", }, { acknowledgments: [ { names: [ "Chris McCown", ], }, ], cve: "CVE-2018-8088", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2018-02-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1548909", }, ], notes: [ { category: "description", text: "An XML deserialization vulnerability was discovered in slf4j's EventData, which accepts an XML serialized string and can lead to arbitrary code execution.", title: "Vulnerability description", }, { category: "summary", text: "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution", title: "Vulnerability summary", }, { category: "other", text: "Subscription Asset Manager is now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates.\n\nThis issue did not affect the versions of Candlepin as shipped with Red Hat Satellite 6 as Candlepin uses slf4j-api and not the affected slf4j-ext (which is not on the Candlepin classpath).\n\nRed Hat Enterprise Virtualization Manager 4.1 is affected by this issue. Updated packages that address this issue are available through the Red Hat Enterprise Linux Server channels. Virtualization Manager hosts should be subscribed to these channels and obtain the updates via `yum update`.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.4.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-8088", }, { category: "external", summary: "RHBZ#1548909", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1548909", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-8088", url: "https://www.cve.org/CVERecord?id=CVE-2018-8088", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-8088", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-8088", }, ], release_date: "2018-02-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-08-08T10:08:27+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.4.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/", product_ids: [ "Red Hat Fuse 7.4.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:2413", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat Fuse 7.4.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution", }, { acknowledgments: [ { names: [ "Martin Bajanik", ], }, ], cve: "CVE-2018-10899", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2018-07-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1601037", }, ], notes: [ { category: "description", text: "A flaw was found in Jolokia, versions 1.2 through 1.6.0, where Jolokia did not correctly handle checking for origin and referrer headers when strict checking was enabled. An attacker could use this vulnerability to conduct cross-site request forgery or further attacks.", title: "Vulnerability description", }, { category: "summary", text: "jolokia: system-wide CSRF that could lead to Remote Code Execution", title: "Vulnerability summary", }, { category: "other", text: "In Red Hat OpenStack Platform, jolokia is not enabled by default and, when enabled, the jolokia endpoints do not rely on CORS for security. Therefore, the impact has been reduced to Low and no updates will be provided at this time for the RHOSP jolokia package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.4.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-10899", }, { category: "external", summary: "RHBZ#1601037", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601037", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-10899", url: "https://www.cve.org/CVERecord?id=CVE-2018-10899", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-10899", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-10899", }, { category: "external", summary: "https://jolokia.org/#Minor_updates_coming_with_1.6.1", url: "https://jolokia.org/#Minor_updates_coming_with_1.6.1", }, ], release_date: "2019-06-11T10:41:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-08-08T10:08:27+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.4.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/", product_ids: [ "Red Hat Fuse 7.4.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:2413", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat Fuse 7.4.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jolokia: system-wide CSRF that could lead to Remote Code Execution", }, { cve: "CVE-2018-15758", cwe: { id: "CWE-285", name: "Improper Authorization", }, discovery_date: "2018-10-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1643048", }, ], notes: [ { category: "description", text: "Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval endpoint that can modify the previously saved authorization request and lead to a privilege escalation on the subsequent approval. This scenario can happen if the application is configured to use a custom approval endpoint that declares AuthorizationRequest as a controller method argument. This vulnerability exposes applications that meet all of the following requirements: Act in the role of an Authorization Server (e.g. @EnableAuthorizationServer) and use a custom Approval Endpoint that declares AuthorizationRequest as a controller method argument. This vulnerability does not expose applications that: Act in the role of an Authorization Server and use the default Approval Endpoint, act in the role of a Resource Server only (e.g. @EnableResourceServer), act in the role of a Client only (e.g. @EnableOAuthClient).", title: "Vulnerability description", }, { category: "summary", text: "spring-security-oauth: Privilege escalation by manipulating saved authorization request", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.4.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-15758", }, { category: "external", summary: "RHBZ#1643048", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1643048", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-15758", url: "https://www.cve.org/CVERecord?id=CVE-2018-15758", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-15758", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-15758", }, { category: "external", summary: "https://pivotal.io/security/cve-2018-15758", url: "https://pivotal.io/security/cve-2018-15758", }, ], release_date: "2018-10-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-08-08T10:08:27+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.4.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/", product_ids: [ "Red Hat Fuse 7.4.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:2413", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat Fuse 7.4.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "spring-security-oauth: Privilege escalation by manipulating saved authorization request", }, { cve: "CVE-2019-0192", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2019-03-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1692345", }, ], notes: [ { category: "description", text: "A flaw was found in the Apache Solr's Config API, where it would permit the configuration of the JMX server via an HTTP POST request. An attacker could use this flaw to direct traffic to a malicious RMI server, and then trigger remote code execution or conduct further attacks.", title: "Vulnerability description", }, { category: "summary", text: "solr: remote code execution due to unsafe deserialization", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.4.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-0192", }, { category: "external", summary: "RHBZ#1692345", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1692345", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-0192", url: "https://www.cve.org/CVERecord?id=CVE-2019-0192", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-0192", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-0192", }, ], release_date: "2019-03-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-08-08T10:08:27+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.4.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/", product_ids: [ "Red Hat Fuse 7.4.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:2413", }, { category: "workaround", details: "* Upgrade to 6.6.6 or later\n* Disable the ConifgAPI if not in use (`disable.configEdit=true`)\n* Use other external means to ensure only trusted traffic is allowed (block POST requests to the config API from external sources)", product_ids: [ "Red Hat Fuse 7.4.0", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat Fuse 7.4.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "solr: remote code execution due to unsafe deserialization", }, { acknowledgments: [ { names: [ "Daniel Le Gall", ], organization: "SCRT Information Security", }, ], cve: "CVE-2019-3805", cwe: { id: "CWE-364", name: "Signal Handler Race Condition", }, discovery_date: "2018-11-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1660263", }, ], notes: [ { category: "description", text: "A flaw was discovered in wildfly that would allow local users, who are able to execute init.d script, to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate any process as root.", title: "Vulnerability description", }, { category: "summary", text: "wildfly: Race condition on PID file allows for termination of arbitrary processes by local users", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.4.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-3805", }, { category: "external", summary: "RHBZ#1660263", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1660263", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-3805", url: "https://www.cve.org/CVERecord?id=CVE-2019-3805", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-3805", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-3805", }, ], release_date: "2019-04-30T17:12:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-08-08T10:08:27+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.4.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/", product_ids: [ "Red Hat Fuse 7.4.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:2413", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "Red Hat Fuse 7.4.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "wildfly: Race condition on PID file allows for termination of arbitrary processes by local users", }, ], }
rhsa-2019_2413
Vulnerability from csaf_redhat
Published
2019-08-08 10:08
Modified
2024-11-25 12:10
Summary
Red Hat Security Advisory: Red Hat Fuse 7.4.0 security update
Notes
Topic
A minor version update (from 7.3 to 7.4) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release of Red Hat Fuse 7.4.0 serves as a replacement for Red Hat Fuse 7.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* hazelcast: java deserialization in join cluster procedure leading to remote code execution (CVE-2016-10750)
* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)
* jolokia: system-wide CSRF that could lead to Remote Code Execution (CVE-2018-10899)
* spring-security-oauth: Privilege escalation by manipulating saved authorization request (CVE-2018-15758)
* solr: remote code execution due to unsafe deserialization (CVE-2019-0192)
* thrift: SASL negotiation isComplete validation bypass in the org.apache.thrift.transport.TSaslTransport class (CVE-2018-1320)
* spring-security-core: Unauthorized Access with Spring Security Method Security (CVE-2018-1258)
* wildfly: Race condition on PID file allows for termination of arbitrary processes by local users (CVE-2019-3805)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "A minor version update (from 7.3 to 7.4) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "This release of Red Hat Fuse 7.4.0 serves as a replacement for Red Hat Fuse 7.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* hazelcast: java deserialization in join cluster procedure leading to remote code execution (CVE-2016-10750)\n\n* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)\n\n* jolokia: system-wide CSRF that could lead to Remote Code Execution (CVE-2018-10899)\n\n* spring-security-oauth: Privilege escalation by manipulating saved authorization request (CVE-2018-15758)\n\n* solr: remote code execution due to unsafe deserialization (CVE-2019-0192)\n\n* thrift: SASL negotiation isComplete validation bypass in the org.apache.thrift.transport.TSaslTransport class (CVE-2018-1320)\n\n* spring-security-core: Unauthorized Access with Spring Security Method Security (CVE-2018-1258)\n\n* wildfly: Race condition on PID file allows for termination of arbitrary processes by local users (CVE-2019-3805)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2019:2413", url: "https://access.redhat.com/errata/RHSA-2019:2413", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.fuse&version=7.4.0", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.fuse&version=7.4.0", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/", url: "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/", }, { category: "external", summary: "1548909", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1548909", }, { category: "external", summary: "1578582", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1578582", }, { category: "external", summary: "1601037", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601037", }, { category: "external", summary: "1643048", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1643048", }, { category: "external", summary: "1660263", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1660263", }, { category: "external", summary: "1667204", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1667204", }, { category: "external", summary: "1692345", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1692345", }, { category: "external", summary: "1713215", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1713215", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_2413.json", }, ], title: "Red Hat Security Advisory: Red Hat Fuse 7.4.0 security update", tracking: { current_release_date: "2024-11-25T12:10:27+00:00", generator: { date: "2024-11-25T12:10:27+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2019:2413", initial_release_date: "2019-08-08T10:08:27+00:00", revision_history: [ { date: "2019-08-08T10:08:27+00:00", number: "1", summary: "Initial version", }, { date: "2019-08-08T10:08:27+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-25T12:10:27+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Fuse 7.4.0", product: { name: "Red Hat Fuse 7.4.0", product_id: "Red Hat Fuse 7.4.0", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_fuse:7", }, }, }, ], category: "product_family", name: "Red Hat JBoss Fuse", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2016-10750", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2019-05-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1713215", }, ], notes: [ { category: "description", text: "A flaw was found in the cluster join procedure in Hazelcast. This flaw allows an attacker to gain remote code execution via Java deserialization.", title: "Vulnerability description", }, { category: "summary", text: "hazelcast: java deserialization in join cluster procedure leading to remote code execution", title: "Vulnerability summary", }, { category: "other", text: "The module vertx-hazelcast is not supported in Red Hat OpenShift Application Runtimes (RHOAR) products.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.4.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-10750", }, { category: "external", summary: "RHBZ#1713215", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1713215", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-10750", url: "https://www.cve.org/CVERecord?id=CVE-2016-10750", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-10750", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-10750", }, ], release_date: "2016-04-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-08-08T10:08:27+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.4.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/", product_ids: [ "Red Hat Fuse 7.4.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:2413", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat Fuse 7.4.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "hazelcast: java deserialization in join cluster procedure leading to remote code execution", }, { cve: "CVE-2018-1258", cwe: { id: "CWE-287", name: "Improper Authentication", }, discovery_date: "2018-05-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1578582", }, ], notes: [ { category: "description", text: "Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.", title: "Vulnerability description", }, { category: "summary", text: "spring-security-core: Unauthorized Access with Spring Security Method Security", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.4.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-1258", }, { category: "external", summary: "RHBZ#1578582", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1578582", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-1258", url: "https://www.cve.org/CVERecord?id=CVE-2018-1258", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-1258", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-1258", }, ], release_date: "2018-05-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-08-08T10:08:27+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.4.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/", product_ids: [ "Red Hat Fuse 7.4.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:2413", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat Fuse 7.4.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "spring-security-core: Unauthorized Access with Spring Security Method Security", }, { cve: "CVE-2018-1320", cwe: { id: "CWE-287", name: "Improper Authentication", }, discovery_date: "2019-01-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1667204", }, ], notes: [ { category: "description", text: "Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making the validation incomplete.", title: "Vulnerability description", }, { category: "summary", text: "thrift: SASL negotiation isComplete validation bypass in the org.apache.thrift.transport.TSaslTransport class", title: "Vulnerability summary", }, { category: "other", text: "OpenDaylight:\nOpenDaylight includes libthrift, however does not use the vulnerable functionality. OpenDaylight should be considered not affected by this flaw.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.4.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-1320", }, { category: "external", summary: "RHBZ#1667204", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1667204", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-1320", url: "https://www.cve.org/CVERecord?id=CVE-2018-1320", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-1320", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-1320", }, ], release_date: "2018-03-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-08-08T10:08:27+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.4.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/", product_ids: [ "Red Hat Fuse 7.4.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:2413", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, products: [ "Red Hat Fuse 7.4.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "thrift: SASL negotiation isComplete validation bypass in the org.apache.thrift.transport.TSaslTransport class", }, { acknowledgments: [ { names: [ "Chris McCown", ], }, ], cve: "CVE-2018-8088", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2018-02-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1548909", }, ], notes: [ { category: "description", text: "An XML deserialization vulnerability was discovered in slf4j's EventData, which accepts an XML serialized string and can lead to arbitrary code execution.", title: "Vulnerability description", }, { category: "summary", text: "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution", title: "Vulnerability summary", }, { category: "other", text: "Subscription Asset Manager is now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates.\n\nThis issue did not affect the versions of Candlepin as shipped with Red Hat Satellite 6 as Candlepin uses slf4j-api and not the affected slf4j-ext (which is not on the Candlepin classpath).\n\nRed Hat Enterprise Virtualization Manager 4.1 is affected by this issue. Updated packages that address this issue are available through the Red Hat Enterprise Linux Server channels. Virtualization Manager hosts should be subscribed to these channels and obtain the updates via `yum update`.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.4.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-8088", }, { category: "external", summary: "RHBZ#1548909", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1548909", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-8088", url: "https://www.cve.org/CVERecord?id=CVE-2018-8088", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-8088", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-8088", }, ], release_date: "2018-02-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-08-08T10:08:27+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.4.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/", product_ids: [ "Red Hat Fuse 7.4.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:2413", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat Fuse 7.4.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution", }, { acknowledgments: [ { names: [ "Martin Bajanik", ], }, ], cve: "CVE-2018-10899", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2018-07-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1601037", }, ], notes: [ { category: "description", text: "A flaw was found in Jolokia, versions 1.2 through 1.6.0, where Jolokia did not correctly handle checking for origin and referrer headers when strict checking was enabled. An attacker could use this vulnerability to conduct cross-site request forgery or further attacks.", title: "Vulnerability description", }, { category: "summary", text: "jolokia: system-wide CSRF that could lead to Remote Code Execution", title: "Vulnerability summary", }, { category: "other", text: "In Red Hat OpenStack Platform, jolokia is not enabled by default and, when enabled, the jolokia endpoints do not rely on CORS for security. Therefore, the impact has been reduced to Low and no updates will be provided at this time for the RHOSP jolokia package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.4.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-10899", }, { category: "external", summary: "RHBZ#1601037", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601037", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-10899", url: "https://www.cve.org/CVERecord?id=CVE-2018-10899", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-10899", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-10899", }, { category: "external", summary: "https://jolokia.org/#Minor_updates_coming_with_1.6.1", url: "https://jolokia.org/#Minor_updates_coming_with_1.6.1", }, ], release_date: "2019-06-11T10:41:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-08-08T10:08:27+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.4.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/", product_ids: [ "Red Hat Fuse 7.4.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:2413", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat Fuse 7.4.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jolokia: system-wide CSRF that could lead to Remote Code Execution", }, { cve: "CVE-2018-15758", cwe: { id: "CWE-285", name: "Improper Authorization", }, discovery_date: "2018-10-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1643048", }, ], notes: [ { category: "description", text: "Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval endpoint that can modify the previously saved authorization request and lead to a privilege escalation on the subsequent approval. This scenario can happen if the application is configured to use a custom approval endpoint that declares AuthorizationRequest as a controller method argument. This vulnerability exposes applications that meet all of the following requirements: Act in the role of an Authorization Server (e.g. @EnableAuthorizationServer) and use a custom Approval Endpoint that declares AuthorizationRequest as a controller method argument. This vulnerability does not expose applications that: Act in the role of an Authorization Server and use the default Approval Endpoint, act in the role of a Resource Server only (e.g. @EnableResourceServer), act in the role of a Client only (e.g. @EnableOAuthClient).", title: "Vulnerability description", }, { category: "summary", text: "spring-security-oauth: Privilege escalation by manipulating saved authorization request", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.4.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-15758", }, { category: "external", summary: "RHBZ#1643048", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1643048", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-15758", url: "https://www.cve.org/CVERecord?id=CVE-2018-15758", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-15758", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-15758", }, { category: "external", summary: "https://pivotal.io/security/cve-2018-15758", url: "https://pivotal.io/security/cve-2018-15758", }, ], release_date: "2018-10-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-08-08T10:08:27+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.4.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/", product_ids: [ "Red Hat Fuse 7.4.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:2413", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat Fuse 7.4.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "spring-security-oauth: Privilege escalation by manipulating saved authorization request", }, { cve: "CVE-2019-0192", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2019-03-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1692345", }, ], notes: [ { category: "description", text: "A flaw was found in the Apache Solr's Config API, where it would permit the configuration of the JMX server via an HTTP POST request. An attacker could use this flaw to direct traffic to a malicious RMI server, and then trigger remote code execution or conduct further attacks.", title: "Vulnerability description", }, { category: "summary", text: "solr: remote code execution due to unsafe deserialization", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.4.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-0192", }, { category: "external", summary: "RHBZ#1692345", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1692345", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-0192", url: "https://www.cve.org/CVERecord?id=CVE-2019-0192", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-0192", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-0192", }, ], release_date: "2019-03-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-08-08T10:08:27+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.4.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/", product_ids: [ "Red Hat Fuse 7.4.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:2413", }, { category: "workaround", details: "* Upgrade to 6.6.6 or later\n* Disable the ConifgAPI if not in use (`disable.configEdit=true`)\n* Use other external means to ensure only trusted traffic is allowed (block POST requests to the config API from external sources)", product_ids: [ "Red Hat Fuse 7.4.0", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat Fuse 7.4.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "solr: remote code execution due to unsafe deserialization", }, { acknowledgments: [ { names: [ "Daniel Le Gall", ], organization: "SCRT Information Security", }, ], cve: "CVE-2019-3805", cwe: { id: "CWE-364", name: "Signal Handler Race Condition", }, discovery_date: "2018-11-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1660263", }, ], notes: [ { category: "description", text: "A flaw was discovered in wildfly that would allow local users, who are able to execute init.d script, to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate any process as root.", title: "Vulnerability description", }, { category: "summary", text: "wildfly: Race condition on PID file allows for termination of arbitrary processes by local users", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.4.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-3805", }, { category: "external", summary: "RHBZ#1660263", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1660263", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-3805", url: "https://www.cve.org/CVERecord?id=CVE-2019-3805", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-3805", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-3805", }, ], release_date: "2019-04-30T17:12:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-08-08T10:08:27+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.4.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/", product_ids: [ "Red Hat Fuse 7.4.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:2413", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "Red Hat Fuse 7.4.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "wildfly: Race condition on PID file allows for termination of arbitrary processes by local users", }, ], }
rhsa-2019:2413
Vulnerability from csaf_redhat
Published
2019-08-08 10:08
Modified
2025-03-16 23:57
Summary
Red Hat Security Advisory: Red Hat Fuse 7.4.0 security update
Notes
Topic
A minor version update (from 7.3 to 7.4) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release of Red Hat Fuse 7.4.0 serves as a replacement for Red Hat Fuse 7.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* hazelcast: java deserialization in join cluster procedure leading to remote code execution (CVE-2016-10750)
* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)
* jolokia: system-wide CSRF that could lead to Remote Code Execution (CVE-2018-10899)
* spring-security-oauth: Privilege escalation by manipulating saved authorization request (CVE-2018-15758)
* solr: remote code execution due to unsafe deserialization (CVE-2019-0192)
* thrift: SASL negotiation isComplete validation bypass in the org.apache.thrift.transport.TSaslTransport class (CVE-2018-1320)
* spring-security-core: Unauthorized Access with Spring Security Method Security (CVE-2018-1258)
* wildfly: Race condition on PID file allows for termination of arbitrary processes by local users (CVE-2019-3805)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "A minor version update (from 7.3 to 7.4) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "This release of Red Hat Fuse 7.4.0 serves as a replacement for Red Hat Fuse 7.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* hazelcast: java deserialization in join cluster procedure leading to remote code execution (CVE-2016-10750)\n\n* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)\n\n* jolokia: system-wide CSRF that could lead to Remote Code Execution (CVE-2018-10899)\n\n* spring-security-oauth: Privilege escalation by manipulating saved authorization request (CVE-2018-15758)\n\n* solr: remote code execution due to unsafe deserialization (CVE-2019-0192)\n\n* thrift: SASL negotiation isComplete validation bypass in the org.apache.thrift.transport.TSaslTransport class (CVE-2018-1320)\n\n* spring-security-core: Unauthorized Access with Spring Security Method Security (CVE-2018-1258)\n\n* wildfly: Race condition on PID file allows for termination of arbitrary processes by local users (CVE-2019-3805)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2019:2413", url: "https://access.redhat.com/errata/RHSA-2019:2413", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.fuse&version=7.4.0", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.fuse&version=7.4.0", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/", url: "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/", }, { category: "external", summary: "1548909", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1548909", }, { category: "external", summary: "1578582", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1578582", }, { category: "external", summary: "1601037", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601037", }, { category: "external", summary: "1643048", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1643048", }, { category: "external", summary: "1660263", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1660263", }, { category: "external", summary: "1667204", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1667204", }, { category: "external", summary: "1692345", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1692345", }, { category: "external", summary: "1713215", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1713215", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_2413.json", }, ], title: "Red Hat Security Advisory: Red Hat Fuse 7.4.0 security update", tracking: { current_release_date: "2025-03-16T23:57:22+00:00", generator: { date: "2025-03-16T23:57:22+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2019:2413", initial_release_date: "2019-08-08T10:08:27+00:00", revision_history: [ { date: "2019-08-08T10:08:27+00:00", number: "1", summary: "Initial version", }, { date: "2019-08-08T10:08:27+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-16T23:57:22+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Fuse 7.4.0", product: { name: "Red Hat Fuse 7.4.0", product_id: "Red Hat Fuse 7.4.0", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_fuse:7", }, }, }, ], category: "product_family", name: "Red Hat JBoss Fuse", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2016-10750", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2019-05-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1713215", }, ], notes: [ { category: "description", text: "A flaw was found in the cluster join procedure in Hazelcast. This flaw allows an attacker to gain remote code execution via Java deserialization.", title: "Vulnerability description", }, { category: "summary", text: "hazelcast: java deserialization in join cluster procedure leading to remote code execution", title: "Vulnerability summary", }, { category: "other", text: "The module vertx-hazelcast is not supported in Red Hat OpenShift Application Runtimes (RHOAR) products.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.4.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2016-10750", }, { category: "external", summary: "RHBZ#1713215", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1713215", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2016-10750", url: "https://www.cve.org/CVERecord?id=CVE-2016-10750", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-10750", url: "https://nvd.nist.gov/vuln/detail/CVE-2016-10750", }, ], release_date: "2016-04-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-08-08T10:08:27+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.4.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/", product_ids: [ "Red Hat Fuse 7.4.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:2413", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat Fuse 7.4.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "hazelcast: java deserialization in join cluster procedure leading to remote code execution", }, { cve: "CVE-2018-1258", cwe: { id: "CWE-287", name: "Improper Authentication", }, discovery_date: "2018-05-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1578582", }, ], notes: [ { category: "description", text: "Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.", title: "Vulnerability description", }, { category: "summary", text: "spring-security-core: Unauthorized Access with Spring Security Method Security", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.4.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-1258", }, { category: "external", summary: "RHBZ#1578582", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1578582", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-1258", url: "https://www.cve.org/CVERecord?id=CVE-2018-1258", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-1258", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-1258", }, ], release_date: "2018-05-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-08-08T10:08:27+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.4.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/", product_ids: [ "Red Hat Fuse 7.4.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:2413", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "Red Hat Fuse 7.4.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "spring-security-core: Unauthorized Access with Spring Security Method Security", }, { cve: "CVE-2018-1320", cwe: { id: "CWE-287", name: "Improper Authentication", }, discovery_date: "2019-01-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1667204", }, ], notes: [ { category: "description", text: "Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making the validation incomplete.", title: "Vulnerability description", }, { category: "summary", text: "thrift: SASL negotiation isComplete validation bypass in the org.apache.thrift.transport.TSaslTransport class", title: "Vulnerability summary", }, { category: "other", text: "OpenDaylight:\nOpenDaylight includes libthrift, however does not use the vulnerable functionality. OpenDaylight should be considered not affected by this flaw.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.4.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-1320", }, { category: "external", summary: "RHBZ#1667204", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1667204", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-1320", url: "https://www.cve.org/CVERecord?id=CVE-2018-1320", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-1320", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-1320", }, ], release_date: "2018-03-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-08-08T10:08:27+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.4.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/", product_ids: [ "Red Hat Fuse 7.4.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:2413", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, products: [ "Red Hat Fuse 7.4.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "thrift: SASL negotiation isComplete validation bypass in the org.apache.thrift.transport.TSaslTransport class", }, { acknowledgments: [ { names: [ "Chris McCown", ], }, ], cve: "CVE-2018-8088", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, discovery_date: "2018-02-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1548909", }, ], notes: [ { category: "description", text: "An XML deserialization vulnerability was discovered in slf4j's EventData, which accepts an XML serialized string and can lead to arbitrary code execution.", title: "Vulnerability description", }, { category: "summary", text: "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution", title: "Vulnerability summary", }, { category: "other", text: "Subscription Asset Manager is now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates.\n\nThis issue did not affect the versions of Candlepin as shipped with Red Hat Satellite 6 as Candlepin uses slf4j-api and not the affected slf4j-ext (which is not on the Candlepin classpath).\n\nRed Hat Enterprise Virtualization Manager 4.1 is affected by this issue. Updated packages that address this issue are available through the Red Hat Enterprise Linux Server channels. Virtualization Manager hosts should be subscribed to these channels and obtain the updates via `yum update`.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.4.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-8088", }, { category: "external", summary: "RHBZ#1548909", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1548909", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-8088", url: "https://www.cve.org/CVERecord?id=CVE-2018-8088", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-8088", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-8088", }, ], release_date: "2018-02-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-08-08T10:08:27+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.4.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/", product_ids: [ "Red Hat Fuse 7.4.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:2413", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat Fuse 7.4.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution", }, { acknowledgments: [ { names: [ "Martin Bajanik", ], }, ], cve: "CVE-2018-10899", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2018-07-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1601037", }, ], notes: [ { category: "description", text: "A flaw was found in Jolokia, versions 1.2 through 1.6.0, where Jolokia did not correctly handle checking for origin and referrer headers when strict checking was enabled. An attacker could use this vulnerability to conduct cross-site request forgery or further attacks.", title: "Vulnerability description", }, { category: "summary", text: "jolokia: system-wide CSRF that could lead to Remote Code Execution", title: "Vulnerability summary", }, { category: "other", text: "In Red Hat OpenStack Platform, jolokia is not enabled by default and, when enabled, the jolokia endpoints do not rely on CORS for security. Therefore, the impact has been reduced to Low and no updates will be provided at this time for the RHOSP jolokia package.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.4.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-10899", }, { category: "external", summary: "RHBZ#1601037", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1601037", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-10899", url: "https://www.cve.org/CVERecord?id=CVE-2018-10899", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-10899", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-10899", }, { category: "external", summary: "https://jolokia.org/#Minor_updates_coming_with_1.6.1", url: "https://jolokia.org/#Minor_updates_coming_with_1.6.1", }, ], release_date: "2019-06-11T10:41:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-08-08T10:08:27+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.4.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/", product_ids: [ "Red Hat Fuse 7.4.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:2413", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat Fuse 7.4.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "jolokia: system-wide CSRF that could lead to Remote Code Execution", }, { cve: "CVE-2018-15758", cwe: { id: "CWE-285", name: "Improper Authorization", }, discovery_date: "2018-10-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1643048", }, ], notes: [ { category: "description", text: "Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval endpoint that can modify the previously saved authorization request and lead to a privilege escalation on the subsequent approval. This scenario can happen if the application is configured to use a custom approval endpoint that declares AuthorizationRequest as a controller method argument. This vulnerability exposes applications that meet all of the following requirements: Act in the role of an Authorization Server (e.g. @EnableAuthorizationServer) and use a custom Approval Endpoint that declares AuthorizationRequest as a controller method argument. This vulnerability does not expose applications that: Act in the role of an Authorization Server and use the default Approval Endpoint, act in the role of a Resource Server only (e.g. @EnableResourceServer), act in the role of a Client only (e.g. @EnableOAuthClient).", title: "Vulnerability description", }, { category: "summary", text: "spring-security-oauth: Privilege escalation by manipulating saved authorization request", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.4.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2018-15758", }, { category: "external", summary: "RHBZ#1643048", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1643048", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2018-15758", url: "https://www.cve.org/CVERecord?id=CVE-2018-15758", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-15758", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-15758", }, { category: "external", summary: "https://pivotal.io/security/cve-2018-15758", url: "https://pivotal.io/security/cve-2018-15758", }, ], release_date: "2018-10-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-08-08T10:08:27+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.4.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/", product_ids: [ "Red Hat Fuse 7.4.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:2413", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat Fuse 7.4.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "spring-security-oauth: Privilege escalation by manipulating saved authorization request", }, { cve: "CVE-2019-0192", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2019-03-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1692345", }, ], notes: [ { category: "description", text: "A flaw was found in the Apache Solr's Config API, where it would permit the configuration of the JMX server via an HTTP POST request. An attacker could use this flaw to direct traffic to a malicious RMI server, and then trigger remote code execution or conduct further attacks.", title: "Vulnerability description", }, { category: "summary", text: "solr: remote code execution due to unsafe deserialization", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.4.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-0192", }, { category: "external", summary: "RHBZ#1692345", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1692345", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-0192", url: "https://www.cve.org/CVERecord?id=CVE-2019-0192", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-0192", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-0192", }, ], release_date: "2019-03-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-08-08T10:08:27+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.4.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/", product_ids: [ "Red Hat Fuse 7.4.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:2413", }, { category: "workaround", details: "* Upgrade to 6.6.6 or later\n* Disable the ConifgAPI if not in use (`disable.configEdit=true`)\n* Use other external means to ensure only trusted traffic is allowed (block POST requests to the config API from external sources)", product_ids: [ "Red Hat Fuse 7.4.0", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "Red Hat Fuse 7.4.0", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "solr: remote code execution due to unsafe deserialization", }, { acknowledgments: [ { names: [ "Daniel Le Gall", ], organization: "SCRT Information Security", }, ], cve: "CVE-2019-3805", cwe: { id: "CWE-364", name: "Signal Handler Race Condition", }, discovery_date: "2018-11-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1660263", }, ], notes: [ { category: "description", text: "A flaw was discovered in wildfly that would allow local users, who are able to execute init.d script, to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate any process as root.", title: "Vulnerability description", }, { category: "summary", text: "wildfly: Race condition on PID file allows for termination of arbitrary processes by local users", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat Fuse 7.4.0", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2019-3805", }, { category: "external", summary: "RHBZ#1660263", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1660263", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2019-3805", url: "https://www.cve.org/CVERecord?id=CVE-2019-3805", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2019-3805", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-3805", }, ], release_date: "2019-04-30T17:12:00+00:00", remediations: [ { category: "vendor_fix", date: "2019-08-08T10:08:27+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are available from the Fuse 7.4.0 product documentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/", product_ids: [ "Red Hat Fuse 7.4.0", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2019:2413", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "Red Hat Fuse 7.4.0", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "wildfly: Race condition on PID file allows for termination of arbitrary processes by local users", }, ], }
ghsa-h8w4-qv99-f7vj
Vulnerability from github
Published
2018-10-19 22:00
Modified
2024-03-04 21:20
Severity ?
Summary
Authorization bypass in org.springframework.security.oauth:spring-security-oauth2
Details
Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval endpoint that can modify the previously saved authorization request and lead to a privilege escalation on the subsequent approval. This scenario can happen if the application is configured to use a custom approval endpoint that declares AuthorizationRequest as a controller method argument. This vulnerability exposes applications that meet all of the following requirements: Act in the role of an Authorization Server (e.g. @EnableAuthorizationServer) and use a custom Approval Endpoint that declares AuthorizationRequest as a controller method argument. This vulnerability does not expose applications that: Act in the role of an Authorization Server and use the default Approval Endpoint, act in the role of a Resource Server only (e.g. @EnableResourceServer), act in the role of a Client only (e.g. @EnableOAuthClient).
{ affected: [ { package: { ecosystem: "Maven", name: "org.springframework.security.oauth:spring-security-oauth2", }, ranges: [ { events: [ { introduced: "2.0.0", }, { fixed: "2.0.16", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "Maven", name: "org.springframework.security.oauth:spring-security-oauth2", }, ranges: [ { events: [ { introduced: "2.1.0", }, { fixed: "2.1.3", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "Maven", name: "org.springframework.security.oauth:spring-security-oauth2", }, ranges: [ { events: [ { introduced: "2.2.0", }, { fixed: "2.2.3.RELEASE", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "Maven", name: "org.springframework.security.oauth:spring-security-oauth2", }, ranges: [ { events: [ { introduced: "2.3.0", }, { fixed: "2.3.4.RELEASE", }, ], type: "ECOSYSTEM", }, ], }, ], aliases: [ "CVE-2018-15758", ], database_specific: { cwe_ids: [ "CWE-269", ], github_reviewed: true, github_reviewed_at: "2020-06-16T21:39:36Z", nvd_published_at: null, severity: "HIGH", }, details: "Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval endpoint that can modify the previously saved authorization request and lead to a privilege escalation on the subsequent approval. This scenario can happen if the application is configured to use a custom approval endpoint that declares AuthorizationRequest as a controller method argument. This vulnerability exposes applications that meet all of the following requirements: Act in the role of an Authorization Server (e.g. @EnableAuthorizationServer) and use a custom Approval Endpoint that declares AuthorizationRequest as a controller method argument. This vulnerability does not expose applications that: Act in the role of an Authorization Server and use the default Approval Endpoint, act in the role of a Resource Server only (e.g. @EnableResourceServer), act in the role of a Client only (e.g. @EnableOAuthClient).", id: "GHSA-h8w4-qv99-f7vj", modified: "2024-03-04T21:20:57Z", published: "2018-10-19T22:00:28Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2018-15758", }, { type: "WEB", url: "https://github.com/spring-attic/spring-security-oauth/commit/4082ec7ae3d39198a47b5c803ccb20dacefb0b0", }, { type: "WEB", url: "https://github.com/spring-attic/spring-security-oauth/commit/623776689fdcc8047f5a908c71f348e1f172a97", }, { type: "WEB", url: "https://github.com/spring-attic/spring-security-oauth/commit/ddd65cd9417ae1e4a69e4193a622300db38e2ef", }, { type: "WEB", url: "https://github.com/spring-attic/spring-security-oauth/commit/f92223afc71687bd3156298054903f50aa71fbf", }, { type: "WEB", url: "https://access.redhat.com/errata/RHSA-2019:2413", }, { type: "ADVISORY", url: "https://github.com/advisories/GHSA-h8w4-qv99-f7vj", }, { type: "WEB", url: "https://pivotal.io/security/cve-2018-15758", }, { type: "WEB", url: "http://www.securityfocus.com/bid/105687", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", type: "CVSS_V3", }, ], summary: "Authorization bypass in org.springframework.security.oauth:spring-security-oauth2", }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.