Description
SubjectDnX509PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker impersonating another user. Affected versions: Spring Security 5.7.0 through 5.7.24; 5.8.0 through 5.8.26; 6.3.0 through 6.3.17; 6.4.0 through 6.4.17; 6.5.0 through 6.5.10.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None
Affected products
- Spring / Spring Security5.7.0 – 5.7.25
- Spring / Spring Security5.8.0 – 5.8.27
- Spring / Spring Security6.3.0 – 6.3.18
- Spring / Spring Security6.4.0 – 6.4.18
- Spring / Spring Security6.5.0 – 6.5.11