Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CVE-2024-22258: PKCE Downgrade in Spring Authorization Server
Vulnerability Description
Spring Authorization Server versions 1.0.0 - 1.0.5, 1.1.0 - 1.1.5, 1.2.0 - 1.2.2 and older unsupported versions are susceptible to a PKCE Downgrade Attack for Confidential Clients. Specifically, an application is vulnerable when a Confidential Client uses PKCE for the Authorization Code Grant. An application is not vulnerable when a Public Client uses PKCE for the Authorization Code Grant.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
N/A
Vulnerability Title
Spring Authorization Server 安全漏洞
Vulnerability Description
VMware Spring Authorization Server是美国威睿(VMware)公司的一个用于构建安全的 OAuth 2.0 和 OpenID Connect 1.0 授权服务器的框架。 Spring Authorization Server存在安全漏洞,该漏洞源于当机密客户端使用PKCE授权代码时,应用程序易受PKCE降级攻击。受影响的产品和版本:Spring Authorization Server 1.0.0至1.0.5版本,1.1.0至1.1.5版本,1.2.0至1.2.2版本。
CVSS Information
N/A
Vulnerability Type
N/A