CVE-2023-34042 - OpenCVE

The spring-security.xsd file inside the spring-security-config jar is world writable which means that if it were extracted it could be written by anyone with access to the file system. While there are no known exploits, this is an example of “CWE-732: Incorrect Permission Assignment for Critical Resource” and could result in an exploit. Users should update to the latest version of Spring Security to mitigate any future exploits found around this issue.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Vmware	Spring Security

Configuration 1 [-]

OR	cpe:2.3:a:vmware:spring_security::::::::
	cpe:2.3:a:vmware:spring_security::::::::
	cpe:2.3:a:vmware:spring_security::::::::
	cpe:2.3:a:vmware:spring_security:5.7.9:::::::*
	cpe:2.3:a:vmware:spring_security:5.7.10:::::::*

No data.

References

Link	Providers
https://nvd.nist.gov/vuln/detail/CVE-2023-34042
https://spring.io/security/cve-2023-34042
https://www.cve.org/CVERecord?id=CVE-2023-34042

History

No history.

MITRE

Status: PUBLISHED

Assigner: vmware

Published: 2024-02-05T22:00:01.075Z

Updated: 2024-08-02T15:54:14.171Z

Reserved: 2023-05-25T17:21:56.202Z

Link: CVE-2023-34042

Vulnrichment

Updated: 2024-08-02T15:54:14.171Z

NVD

Status : Analyzed

Published: 2024-02-05T22:15:55.210

Modified: 2024-02-12T20:45:24.537

Link: CVE-2023-34042

Redhat

Severity : Moderate

Publid Date: 2024-02-05T00:00:00Z

Links: CVE-2023-34042 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-34042", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "state": "PUBLISHED", "assignerShortName": "vmware", "dateReserved": "2023-05-25T17:21:56.202Z", "datePublished": "2024-02-05T22:00:01.075Z", "dateUpdated": "2024-08-02T15:54:14.171Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Spring Security", "vendor": "N/A", "versions": [{"status": "affected", "version": "Spring Security 6.1.x prior to 6.1.4, Spring Security 6.0.x prior to 6.0.7, Spring Security 5.8.x prior to 5.8.7, Spring Security 5.7.x prior to 5.7.11"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n<div><p>The spring-security.xsd file inside the \nspring-security-config jar is world writable which means that if it were\n extracted it could be written by anyone with access to the file system.</p>\n<p>While there are no known exploits, this is an example of \u201cCWE-732: \nIncorrect Permission Assignment for Critical Resource\u201d and could result \nin an exploit. Users should update to the latest version of Spring \nSecurity to mitigate any future exploits found around this issue.</p></div>\n\n"}], "value": "The spring-security.xsd file inside the \nspring-security-config jar is world writable which means that if it were\n extracted it could be written by anyone with access to the file system.\n\n\nWhile there are no known exploits, this is an example of \u201cCWE-732: \nIncorrect Permission Assignment for Critical Resource\u201d and could result \nin an exploit. Users should update to the latest version of Spring \nSecurity to mitigate any future exploits found around this issue.\n\n\n\n\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"description": "Incorrect Permission Assignment for spring-security.xsd", "lang": "en"}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2024-02-05T22:00:01.075Z"}, "references": [{"url": "https://spring.io/security/cve-2023-34042"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-34042", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-06T16:00:46.931733Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T17:22:55.211Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T15:54:14.171Z"}, "title": "CVE Program Container", "references": [{"url": "https://spring.io/security/cve-2023-34042", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://spring.io/security/cve-2023-34042", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T15:54:14.171Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-34042", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-06T16:00:46.931733Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T15:20:44.411Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "N/A", "product": "Spring Security", "versions": [{"status": "affected", "version": "Spring Security 6.1.x prior to 6.1.4, Spring Security 6.0.x prior to 6.0.7, Spring Security 5.8.x prior to 5.8.7, Spring Security 5.7.x prior to 5.7.11"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://spring.io/security/cve-2023-34042"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "The spring-security.xsd file inside the \nspring-security-config jar is world writable which means that if it were\n extracted it could be written by anyone with access to the file system.\n\n\nWhile there are no known exploits, this is an example of \u201cCWE-732: \nIncorrect Permission Assignment for Critical Resource\u201d and could result \nin an exploit. Users should update to the latest version of Spring \nSecurity to mitigate any future exploits found around this issue.\n\n\n\n\n\n", "supportingMedia": [{"type": "text/html", "value": "\n<div><p>The spring-security.xsd file inside the \nspring-security-config jar is world writable which means that if it were\n extracted it could be written by anyone with access to the file system.</p>\n<p>While there are no known exploits, this is an example of \u201cCWE-732: \nIncorrect Permission Assignment for Critical Resource\u201d and could result \nin an exploit. Users should update to the latest version of Spring \nSecurity to mitigate any future exploits found around this issue.</p></div>\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Incorrect Permission Assignment for spring-security.xsd"}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2024-02-05T22:00:01.075Z"}}}, "cveMetadata": {"cveId": "CVE-2023-34042", "state": "PUBLISHED", "dateUpdated": "2024-08-02T15:54:14.171Z", "dateReserved": "2023-05-25T17:21:56.202Z", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "datePublished": "2024-02-05T22:00:01.075Z", "assignerShortName": "vmware"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "C39570F8-3624-4CC5-AFC0-E45B060BDEAF", "versionEndExcluding": "5.8.7", "versionStartIncluding": "5.8.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "D26A2C2D-651A-4696-A7EF-36172BDA70FE", "versionEndExcluding": "6.0.7", "versionStartIncluding": "6.0.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "1AA03FA3-ACE0-4B22-B084-DEC834EB2F5A", "versionEndExcluding": "6.1.4", "versionStartIncluding": "6.1.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:spring_security:5.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "61397AD3-0A8F-4B9A-9B66-E27CA64392A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:spring_security:5.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "E23F4313-761C-4A30-A891-156EFF583822", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The spring-security.xsd file inside the \nspring-security-config jar is world writable which means that if it were\n extracted it could be written by anyone with access to the file system.\n\n\nWhile there are no known exploits, this is an example of \u201cCWE-732: \nIncorrect Permission Assignment for Critical Resource\u201d and could result \nin an exploit. Users should update to the latest version of Spring \nSecurity to mitigate any future exploits found around this issue.\n\n\n\n\n\n"}, {"lang": "es", "value": "El archivo spring-security.xsd dentro del jar spring-security-config se puede escribir en todo el mundo, lo que significa que si se extrajera, cualquier persona con acceso al sistema de archivos podr\u00eda escribirlo. Si bien no se conocen exploits, este es un ejemplo de \"CWE-732: Asignaci\u00f3n de permisos incorrecta para recursos cr\u00edticos\" y podr\u00eda resultar en un exploit. Los usuarios deben actualizar a la \u00faltima versi\u00f3n de Spring Security para mitigar cualquier vulnerabilidad futura que se encuentre en torno a este problema."}], "id": "CVE-2023-34042", "lastModified": "2024-02-12T20:45:24.537", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 3.6, "source": "security@vmware.com", "type": "Secondary"}]}, "published": "2024-02-05T22:15:55.210", "references": [{"source": "security@vmware.com", "tags": ["Vendor Advisory"], "url": "https://spring.io/security/cve-2023-34042"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "spring-security-config: Incorrect Permission Assignment for spring-security.xsd", "id": "2262911", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262911"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "status": "draft"}, "cwe": "CWE-732", "details": ["The spring-security.xsd file inside the \nspring-security-config jar is world writable which means that if it were\nextracted it could be written by anyone with access to the file system.\nWhile there are no known exploits, this is an example of \u201cCWE-732: \nIncorrect Permission Assignment for Critical Resource\u201d and could result \nin an exploit. Users should update to the latest version of Spring \nSecurity to mitigate any future exploits found around this issue.", "A flaw was found in the Spring-security-config jar file. The spring-security.xsd file inside the spring-security-config jar is world-writable, which means that if it were extracted, it could be written by anyone with access to the file system."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-34042", "package_state": [{"cpe": "cpe:/a:redhat:a_mq_clients:2", "fix_state": "Not affected", "package_name": "spring-security-config", "product_name": "A-MQ Clients 2"}, {"cpe": "cpe:/a:redhat:camel_spring_boot:4", "fix_state": "Not affected", "package_name": "spring-security-config", "product_name": "Red Hat build of Apache Camel for Spring Boot"}, {"cpe": "cpe:/a:redhat:build_keycloak:", "fix_state": "Not affected", "package_name": "spring-security-config", "product_name": "Red Hat Build of Keycloak"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:8", "fix_state": "Not affected", "package_name": "spring-security-config", "product_name": "Red Hat Data Grid 8"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:7", "fix_state": "Will not fix", "package_name": "spring-security-config", "product_name": "Red Hat Decision Manager 7"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Will not fix", "package_name": "spring-security-config", "product_name": "Red Hat Integration Camel K"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:7", "fix_state": "Not affected", "package_name": "spring-security-config", "product_name": "Red Hat JBoss Data Grid 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Out of support scope", "package_name": "org.keycloak-keycloak-parent", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Out of support scope", "package_name": "spring-security-config", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "fix_state": "Will not fix", "package_name": "spring-security-config", "product_name": "Red Hat JBoss Enterprise Application Platform 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Will not fix", "package_name": "spring-security-config", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Will not fix", "package_name": "spring-security-config", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Affected", "package_name": "spring-security-config", "product_name": "Red Hat JBoss Fuse 7"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3::el8", "fix_state": "Affected", "package_name": "devspaces/pluginregistry-rhel8", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Will not fix", "package_name": "spring-security-config", "product_name": "Red Hat Process Automation 7"}, {"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "fix_state": "Will not fix", "package_name": "spring-security-config", "product_name": "Red Hat Single Sign-On 7"}, {"cpe": "cpe:/a:redhat:amq_streams:1", "fix_state": "Will not fix", "package_name": "spring-security-config", "product_name": "streams for Apache Kafka"}], "public_date": "2024-02-05T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-34042\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-34042\nhttps://spring.io/security/cve-2023-34042"], "threat_severity": "Moderate", "upstream_fix": "spring-security-config 6.1.4, spring-security-config 6.0.7, spring-security-config 5.8.7, spring-security-config 5.7.11"}