CVE-2019-3778

{"id": "CVE-2019-3778", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 3.9}]}, "published": "2019-03-07T18:29:00.540", "references": [{"url": "http://packetstormsecurity.com/files/153299/Spring-Security-OAuth-2.3-Open-Redirection.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security_alert@emc.com"}, {"url": "http://www.securityfocus.com/bid/107153", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security_alert@emc.com"}, {"url": "https://pivotal.io/security/cve-2019-3778", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}, {"url": "https://www.oracle.com/security-alerts/cpujan2021.html", "tags": ["Third Party Advisory"], "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-601"}]}, {"type": "Secondary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-601"}]}], "descriptions": [{"lang": "en", "value": "Spring Security OAuth, versions 2.3 prior to 2.3.5, and 2.2 prior to 2.2.4, and 2.1 prior to 2.1.4, and 2.0 prior to 2.0.17, and older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to the authorization endpoint using the authorization code grant type, and specify a manipulated redirection URI via the \"redirect_uri\" parameter. This can cause the authorization server to redirect the resource owner user-agent to a URI under the control of the attacker with the leaked authorization code. This vulnerability exposes applications that meet all of the following requirements: Act in the role of an Authorization Server (e.g. @EnableAuthorizationServer) and uses the DefaultRedirectResolver in the AuthorizationEndpoint. This vulnerability does not expose applications that: Act in the role of an Authorization Server and uses a different RedirectResolver implementation other than DefaultRedirectResolver, act in the role of a Resource Server only (e.g. @EnableResourceServer), act in the role of a Client only (e.g. @EnableOAuthClient)."}, {"lang": "es", "value": "Spring Security OAuth, en la versiones 2.3 anteriores a la 2.3.5, en las 2.2 anteriores a las 2.2.4, en las 2.1 anteriores a la 2.1.4 y en las 2.0 anteriores a la 2.0.17 (y versiones anteriores no soportadas) podr\u00eda ser susceptible a un ataque de redireccionamiento capaz de divulgar un c\u00f3digo de autorizaci\u00f3n. Un usuario o atacante malicioso puede manipular una petici\u00f3n al endpoint de autorizaci\u00f3n mediante el uso del tipo de concesi\u00f3n de autorizaci\u00f3n y la especificaci\u00f3n de un URI de redireccionamiento manipulado mediante el par\u00e1metro \"redirect_uri\". Esto puede provocar que el servidor de autorizaci\u00f3n redirija al user-agent del propietario del recurso a un URI bajo en control del atacante con el c\u00f3digo de autorizaci\u00f3n divulgado. Esta vulnerabilidad expone las aplicaciones que cumplen con todos los siguientes requisitos: act\u00faa en el rol de un servidor de autorizaci\u00f3n (@EnableAuthorizationServer) y utiliza DefaultRedirectResolver en AuthorizationEndpoint. Esta vulnerabilidad no expone las aplicacionesplciaciones que: act\u00faan en el rol de un servidor de autorizaci\u00f3n (@EnableAuthorizationServer) y utilizan una implementaci\u00f3n RedirectResolver que no sea DefaultRedirectResolver en AuthorizationEndpoint, act\u00faan solamente en el rol de un servidor de recursos (p.ej., @EnableResourceServer) y act\u00faan en el rol de solamente un cliente (p.ej., @EnableOAuthClient)."}], "lastModified": "2021-01-30T02:36:39.127", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pivotal_software:spring_security_oauth:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B789A3FA-A33E-49F9-BAA9-85F788F5E055", "versionEndExcluding": "2.0.17", "versionStartIncluding": "2.0.0"}, {"criteria": "cpe:2.3:a:pivotal_software:spring_security_oauth:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BE8265A8-ED88-4A63-B9CC-A97C4452C4AC", "versionEndExcluding": "2.1.4", "versionStartIncluding": "2.1.0"}, {"criteria": "cpe:2.3:a:pivotal_software:spring_security_oauth:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9ACA5453-791C-4468-8A98-643706D2A098", "versionEndExcluding": "2.2.4", "versionStartIncluding": "2.2.0"}, {"criteria": "cpe:2.3:a:pivotal_software:spring_security_oauth:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E128057-775F-4540-846D-9E482708741C", "versionEndExcluding": "2.3.5", "versionStartIncluding": "2.3.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:banking_corporate_lending:14.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E17A81A3-8B4A-437F-8A7E-FE336A6567AD"}, {"criteria": "cpe:2.3:a:oracle:banking_corporate_lending:14.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0315C0A-1C45-42EA-A132-83AF9B889AE6"}, {"criteria": "cpe:2.3:a:oracle:banking_corporate_lending:14.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE9BBBFD-9FBD-47FA-AC5C-278A4382C344"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}