8.1

CVSS Score

3.0

Basic Information

CVE ID

CVE-2018-15758

GHSA ID

GHSA-h8w4-qv99-f7vj

EPSS Score

0.60112%

CWE

CWE-269

Published

10/19/2018

Updated

3/4/2024

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2018-15758

CVE-2018-15758: Authorization bypass in org.springframework.security.oauth:spring-security-oauth2

Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval endpoint that can modify the previously saved authorization request and lead to a privilege escalation on the subsequent approval. This scenario can happen if the application is configured to use a custom approval endpoint that declares AuthorizationRequest as a controller method argument. This vulnerability exposes applications that meet all of the following requirements: Act in the role of an Authorization Server (e.g. @EnableAuthorizationServer) and use a custom Approval Endpoint that declares AuthorizationRequest as a controller method argument. This vulnerability does not expose applications that: Act in the role of an Authorization Server and use the default Approval Endpoint, act in the role of a Resource Server only (e.g. @EnableResourceServer), act in the role of a Client only (e.g. @EnableOAuthClient).

(GitHub Advisory)

8.1

CVSS Score

3.0

Basic Information

CVE ID

CVE-2018-15758

GHSA ID

GHSA-h8w4-qv99-f7vj

EPSS Score

0.60112%

CWE

CWE-269

Published

10/19/2018

Updated

3/4/2024

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.springframework.security.oauth:spring-security-oauth2	maven	>= 2.0.0, < 2.0.16	2.0.16
org.springframework.security.oauth:spring-security-oauth2	maven	>= 2.1.0, < 2.1.3	2.1.3
org.springframework.security.oauth:spring-security-oauth2	maven	>= 2.2.0, < 2.2.3.RELEASE	2.2.3.RELEASE
org.springframework.security.oauth:spring-security-oauth2	maven	>= 2.3.0, < 2.3.4.RELEASE	2.3.4.RELEASE

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from insufficient validation of AuthorizationRequest parameters between the initial authorization step and approval submission. The approveOrDeny method in vulnerable versions lacked the critical check comparing current AuthorizationRequest against an immutable original (added via ORIGINAL_AUTHORIZATION_REQUEST_ATTR_NAME in patches). The authorize method's session storage mechanism (using @SessionAttributes) allowed tampering because it didn't store a protected copy. Custom approval endpoints using AuthorizationRequest as a controller argument would inherit this flawed session handling, enabling parameter manipulation. The commits show these methods were modified to add validation and immutable session storage, confirming their role in the vulnerability.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Sprin* S**urity O*ut*, v*rsions *.* prior to *.*.*, *n* *.* prior to *.*.*, *n* *.* prior to *.*.*, *n* *.* prior to *.*.**, *n* ol**r unsupport** v*rsions *oul* ** sus**pti*l* to * privil*** *s**l*tion un**r **rt*in *on*itions. * m*li*ious us*r or *

Reasoning

T** vuln*r**ility st*ms *rom insu**i*i*nt v*li**tion o* *ut*oriz*tionR*qu*st p*r*m*t*rs **tw**n t** initi*l *ut*oriz*tion st*p *n* *pprov*l su*mission. T** *pprov*Or**ny m*t*o* in vuln*r**l* v*rsions l**k** t** *riti**l ****k *omp*rin* *urr*nt *ut*or

8.1

Basic Information

Concerned about an active attack path?

CVE-2018-15758: Authorization bypass in org.springframework.security.oauth:spring-security-oauth2

8.1

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI