CVE-2011-2731

Description

Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows attackers to gain privileges via a crafted thread.

Risk Information

Base Score: 8.6 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
EPSS Score (Exploitation Probability): 0.295

Associated Vulnerability

Vulnerability | OS Platform
Vulnerabilities CVE-2011-2732, CVE-2011-2731, CVE-2011-2894 are fixed in Spring-security-core 2.0.7 | Windows
Vulnerabilities CVE-2011-2732, CVE-2011-2731, CVE-2011-2894 are fixed in Spring-security-core 3.0.6 | Windows
Vulnerabilities CVE-2011-2732, CVE-2011-2731, CVE-2011-2894 are fixed in Spring-security-core for Linux 2.0.7 | Linux
Vulnerabilities CVE-2011-2732, CVE-2011-2731, CVE-2011-2894 are fixed in Spring-security-core for Linux 3.0.6 | Linux

Patch Details

No records found
