9.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-31692

GHSA ID

GHSA-mmmh-wcxm-2wr4

EPSS Score

0.90535%

CWE

CWE-863

Published

11/1/2022

Updated

1/31/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-31692

CVE-2022-31692: Spring Security authorization rules can be bypassed via forward or include dispatcher types

Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: The application expects that Spring Security applies security to forward and include dispatcher types. The application uses the AuthorizationFilter either manually or via the authorizeHttpRequests() method. The application configures the FilterChainProxy to apply to forward and/or include requests (e.g. spring.security.filter.dispatcher-types = request, error, async, forward, include). The application may forward or include the request to a higher privilege-secured endpoint.The application configures Spring Security to apply to every dispatcher type via authorizeHttpRequests().shouldFilterAllDispatcherTypes(true)

(GitHub Advisory)

9.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-31692

GHSA ID

GHSA-mmmh-wcxm-2wr4

EPSS Score

0.90535%

CWE

CWE-863

Published

11/1/2022

Updated

1/31/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.springframework.security:spring-security-core	maven	>= 5.7.0, < 5.7.5	5.7.5
org.springframework.security:spring-security-core	maven	>= 5.6.0, < 5.6.9	5.6.9

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from the interaction between AuthorizationFilter's request-processing logic and dispatcher-type configuration. The doFilterInternal method in AuthorizationFilter is designed to apply security checks but skips re-authorization on FORWARD/INCLUDE dispatchers when observeOncePerRequest=true. The shouldFilterAllDispatcherTypes() configuration method creates a vulnerable state by enabling filtering for all dispatcher types without properly handling re-authorization in forwarded requests. These functions are explicitly referenced in the vulnerability's preconditions (use of AuthorizationFilter via authorizeHttpRequests() and configuration of dispatcher types), and the mitigation involves modifying their behavior (disabling observeOncePerRequest).

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Sprin* S**urity, v*rsions *.* prior to *.*.* *n* *.* prior to *.*.* *oul* ** sus**pti*l* to *ut*oriz*tion rul*s *yp*ss vi* *orw*r* or in*lu** *isp*t***r typ*s. Sp**i*i**lly, *n *ppli**tion is vuln*r**l* w**n *ll o* t** *ollowin* *r* tru*: T** *ppli**

Reasoning

T** vuln*r**ility st*ms *rom t** int*r**tion **tw**n *ut*oriz*tion*ilt*r's r*qu*st-pro**ssin* lo*i* *n* *isp*t***r-typ* *on*i*ur*tion. T** *o*ilt*rInt*rn*l m*t*o* in *ut*oriz*tion*ilt*r is **si*n** to *pply s**urity ****ks *ut skips r*-*ut*oriz*tion

9.8

Basic Information

Concerned about an active attack path?

CVE-2022-31692: Spring Security authorization rules can be bypassed via forward or include dispatcher types

9.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI