GitHub Advisory Database: GHSA-4644-HG35-55M9
Published: May 17, 2022, 04:59:50

Concurrent Execution using Shared Resource with Improper Synchronization in Spring Security

CWE: CWE-362
Source: GitHub Advisory Database (github.com)

CVSS2: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
  Attack Vector: NETWORK
  Attack Complexity: HIGH
  Authentication: NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact: PARTIAL
  Availability Impact: PARTIAL

EPSS: 0.003 (percentile 68.4%)

Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows attackers to gain privileges via a crafted thread.

Affected configurations

  Vendor:  *
  Product: org.springframework.security\spring-security-core
  Version: (any)
  CPE:     cpe:2.3:a:*:org.springframework.security\:spring-security-core:*:*:*:*:*:*:*:*
