CVE-2018-1260
Description
Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization endpoint that can lead to remote code execution when the resource owner is forwarded to the approval endpoint.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
61.665
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2018-1260 are fixed in Spring-security-oauth2 2.3.3 | Windows |
| Vulnerabilities CVE-2018-1260 are fixed in Spring-security-oauth2 2.2.2 | Windows |
| Vulnerabilities CVE-2018-1260 are fixed in Spring-security-oauth2 2.1.2 | Windows |
| Vulnerabilities CVE-2018-1260 are fixed in Spring-security-oauth2 2.0.15 | Windows |
| Vulnerabilities CVE-2018-1260 are affected in Spring-security-oauth2 1.0.5 | Windows |
| Vulnerabilities CVE-2018-1260 are fixed in Spring-security-oauth2 for Linux 2.3.3 | Linux |
| Vulnerabilities CVE-2018-1260 are fixed in Spring-security-oauth2 for Linux 2.2.2 | Linux |
| Vulnerabilities CVE-2018-1260 are fixed in Spring-security-oauth2 for Linux 2.1.2 | Linux |
| Vulnerabilities CVE-2018-1260 are fixed in Spring-security-oauth2 for Linux 2.0.15 | Linux |
| Vulnerabilities CVE-2018-1260 are affected in Spring-security-oauth2 for Linux 1.0.5 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234