Spring URI Builder Open Redirect / SSRF
CVE-2024-22262 Published on April 16, 2024
CVE-2024-22262: Spring Framework URL Parsing with Host Validation
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is used after passing validation checks.
This is the same as CVE-2024-22259 https://spring.io/security/cve-2024-22259 and CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input.
Vulnerability Analysis
CVE-2024-22262 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.
Weakness Types
What is an Open Redirect Vulnerability?
A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks. An http parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. Because the server name in the modified link is identical to the original site, phishing attempts have a more trustworthy appearance.
CVE-2024-22262 has been classified to as an Open Redirect vulnerability or weakness.
What is a SSRF Vulnerability?
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. By providing URLs to unexpected hosts or ports, attackers can make it appear that the server is sending the request, possibly bypassing access controls such as firewalls that prevent the attackers from accessing the URLs directly. The server can be used as a proxy to conduct port scanning of hosts in internal networks, use other URLs such as that can access documents on the system (using file://), or use other protocols such as gopher:// or tftp://, which may provide greater control over the contents of requests.
CVE-2024-22262 has been classified to as a SSRF vulnerability or weakness.
Products Associated with CVE-2024-22262
stack.watch emails you whenever new vulnerabilities are published in Oracle or VMware Spring Framework. Just hit a watch button to start following.
Affected Versions
Spring Framework:- Version 6.1.x and below 6.1.6 is affected.
- Version 6.0.x and below 6.0.19 is affected.
- Version 5.3.x and below 5.3.34 is affected.
- Version 6.1.0 and below 6.1.6 is affected.
- Version 6.0.0 and below 6.0.19 is affected.
- Version 5.3.0 and below 5.3.34 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.