5.4

CVSS Score

3.1

Basic Information

CVE ID

CVE-2019-11269

GHSA ID

GHSA-mmf6-6597-3v6m

EPSS Score

0.90788%

CWE

CWE-601

Published

6/13/2019

Updated

5/14/2024

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2019-11269

CVE-2019-11269: Open Redirect in Spring Security OAuth

Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, 2.1 prior to 2.1.5, and 2.0 prior to 2.0.18, as well as older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to the authorization endpoint using the authorization code grant type, and specify a manipulated redirection URI via the redirect_uri parameter. This can cause the authorization server to redirect the resource owner user-agent to a URI under the control of the attacker with the leaked authorization code.

(GitHub Advisory)

5.4

CVSS Score

3.1

Basic Information

CVE ID

CVE-2019-11269

GHSA ID

GHSA-mmf6-6597-3v6m

EPSS Score

0.90788%

CWE

CWE-601

Published

6/13/2019

Updated

5/14/2024

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.springframework.security.oauth:spring-security-oauth	maven	>= 2.0.0.RELEASE, < 2.0.18.RELEASE	2.0.18.RELEASE
org.springframework.security.oauth:spring-security-oauth	maven	>= 2.1.0.RELEASE, < 2.1.5.RELEASE	2.1.5.RELEASE
org.springframework.security.oauth:spring-security-oauth	maven	>= 2.2.0.RELEASE, < 2.2.5.RELEASE	2.2.5.RELEASE
org.springframework.security.oauth:spring-security-oauth	maven	>= 2.3.0.RELEASE, < 2.3.6.RELEASE	2.3.6.RELEASE

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability root cause is in redirect URI validation logic handled by DefaultRedirectResolver. Runtime detection would show this method processing attacker-controlled redirect_uri parameters. The Pivotal advisory explicitly identifies DefaultRedirectResolver as the vulnerable component when used in AuthorizationEndpoint configurations. While no direct patch diffs are shown, the mitigation requires updating this class to enforce exact redirect URI matching.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Sprin* S**urity O*ut* v*rsions *.* prior to *.*.*, *.* prior to *.*.*, *.* prior to *.*.*, *n* *.* prior to *.*.**, *s w*ll *s ol**r unsupport** v*rsions *oul* ** sus**pti*l* to *n op*n r**ir**tor *tt**k t**t **n l**k *n *ut*oriz*tion *o**. * m*li*io

Reasoning

T** vuln*r**ility root **us* is in r**ir**t URI v*li**tion lo*i* **n*l** *y `****ultR**ir**tR*solv*r`. Runtim* **t**tion woul* s*ow t*is m*t*o* pro**ssin* *tt**k*r-*ontroll** `r**ir**t_uri` p*r*m*t*rs. T** Pivot*l **visory *xpli*itly i**nti*i*s `****

5.4

Basic Information

Concerned about an active attack path?

CVE-2019-11269: Open Redirect in Spring Security OAuth

5.4

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI