CVE-2018-15801 in Pivotal Software and VMware Products
Published on December 19, 2018

Authorization Bypass During JWT Issuer Validation with spring-security

Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation. In order to be impacted, the same private key for an honest issuer and a malicious user must be used when signing JWTs. In that case, a malicious user could fashion signed JWTs with the malicious issuer URL that may be granted for the honest issuer.

NVD

Products Associated with CVE-2018-15801

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2018-15801 are published in these products:

Pivotal Software Spring Framework

VMware Spring Framework

Affected Versions

Spring by Pivotal Spring Security:

Version 5.1.x and below 5.1.2 is affected.

Exploit Probability

EPSS

0.12%

Percentile

31.78%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2018-15801 in Pivotal Software and VMware ProductsPublished on December 19, 2018

Products Associated with CVE-2018-15801

Affected Versions

Exploit Probability

CVE-2018-15801 in Pivotal Software and VMware Products
Published on December 19, 2018