{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-22262", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "state": "PUBLISHED", "assignerShortName": "vmware", "dateReserved": "2024-01-08T18:43:17.077Z", "datePublished": "2024-04-16T05:54:12.786Z", "dateUpdated": "2024-08-27T13:57:23.898Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Spring Framework", "vendor": "Spring", "versions": [{"lessThan": "6.1.6", "status": "affected", "version": "6.1.x", "versionType": "6.1.6"}, {"lessThan": "6.0.19", "status": "affected", "version": "6.0.x", "versionType": "6.0.19"}, {"lessThan": "5.3.34", "status": "affected", "version": "5.3.x", "versionType": "5.3.34"}]}], "datePublic": "2024-04-11T05:49:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div><div><p>Applications that use <code>UriComponentsBuilder</code>&nbsp;to parse an externally provided URL (e.g. through a query parameter) <em>AND</em>&nbsp;perform validation checks on the host of the parsed URL may be vulnerable to a <a target=\"_blank\" rel=\"nofollow\" href=\"https://cwe.mitre.org/data/definitions/601.html\">open redirect</a>&nbsp;attack or to a SSRF attack if the URL is used after passing validation checks.</p><p>This is the same as <a target=\"_blank\" rel=\"nofollow\" href=\"https://spring.io/security/cve-2024-22259\">CVE-2024-22259</a>&nbsp;and <a target=\"_blank\" rel=\"nofollow\" href=\"https://spring.io/security/cve-2024-22243\">CVE-2024-22243</a>, but with different input.</p></div></div><div><br></div><br>"}], "value": "Applications that use UriComponentsBuilder\u00a0to parse an externally provided URL (e.g. through a query parameter) AND\u00a0perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html \u00a0attack or to a SSRF attack if the URL is used after passing validation checks.\n\nThis is the same as CVE-2024-22259 https://spring.io/security/cve-2024-22259 \u00a0and CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2024-04-16T05:54:12.786Z"}, "references": [{"url": "https://spring.io/security/cve-2024-22262"}, {"url": "https://security.netapp.com/advisory/ntap-20240524-0003/"}], "source": {"discovery": "UNKNOWN"}, "title": "CVE-2024-22262: Spring Framework URL Parsing with Host Validation", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-601", "lang": "en", "description": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-918", "lang": "en", "description": "CWE-918 Server-Side Request Forgery (SSRF)"}]}], "affected": [{"vendor": "vmware", "product": "spring_framework", "cpes": ["cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "6.1.0", "status": "affected", "lessThan": "6.1.6", "versionType": "custom"}, {"version": "6.0.0", "status": "affected", "lessThan": "6.0.19", "versionType": "custom"}, {"version": "5.3.0", "status": "affected", "lessThan": "5.3.34", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-27T03:55:13.901114Z", "id": "CVE-2024-22262", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-27T13:57:23.898Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:43:33.714Z"}, "title": "CVE Program Container", "references": [{"url": "https://spring.io/security/cve-2024-22262", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240524-0003/", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://spring.io/security/cve-2024-22262", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240524-0003/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:43:33.714Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-22262", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-27T03:55:13.901114Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*"], "vendor": "vmware", "product": "spring_framework", "versions": [{"status": "affected", "version": "6.1.0", "lessThan": "6.1.6", "versionType": "custom"}, {"status": "affected", "version": "6.0.0", "lessThan": "6.0.19", "versionType": "custom"}, {"status": "affected", "version": "5.3.0", "lessThan": "5.3.34", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-601", "description": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-27T21:24:11.315Z"}}], "cna": {"title": "CVE-2024-22262: Spring Framework URL Parsing with Host Validation", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Spring", "product": "Spring Framework", "versions": [{"status": "affected", "version": "6.1.x", "lessThan": "6.1.6", "versionType": "6.1.6"}, {"status": "affected", "version": "6.0.x", "lessThan": "6.0.19", "versionType": "6.0.19"}, {"status": "affected", "version": "5.3.x", "lessThan": "5.3.34", "versionType": "5.3.34"}], "defaultStatus": "affected"}], "datePublic": "2024-04-11T05:49:00.000Z", "references": [{"url": "https://spring.io/security/cve-2024-22262"}, {"url": "https://security.netapp.com/advisory/ntap-20240524-0003/"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Applications that use UriComponentsBuilder\u00a0to parse an externally provided URL (e.g. through a query parameter) AND\u00a0perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html \u00a0attack or to a SSRF attack if the URL is used after passing validation checks.\n\nThis is the same as CVE-2024-22259 https://spring.io/security/cve-2024-22259 \u00a0and CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input.\n\n", "supportingMedia": [{"type": "text/html", "value": "<div><div><p>Applications that use <code>UriComponentsBuilder</code>&nbsp;to parse an externally provided URL (e.g. through a query parameter) <em>AND</em>&nbsp;perform validation checks on the host of the parsed URL may be vulnerable to a <a target=\"_blank\" rel=\"nofollow\" href=\"https://cwe.mitre.org/data/definitions/601.html\">open redirect</a>&nbsp;attack or to a SSRF attack if the URL is used after passing validation checks.</p><p>This is the same as <a target=\"_blank\" rel=\"nofollow\" href=\"https://spring.io/security/cve-2024-22259\">CVE-2024-22259</a>&nbsp;and <a target=\"_blank\" rel=\"nofollow\" href=\"https://spring.io/security/cve-2024-22243\">CVE-2024-22243</a>, but with different input.</p></div></div><div><br></div><br>", "base64": false}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2024-04-16T05:54:12.786Z"}}}, "cveMetadata": {"cveId": "CVE-2024-22262", "state": "PUBLISHED", "dateUpdated": "2024-08-27T13:57:23.898Z", "dateReserved": "2024-01-08T18:43:17.077Z", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "datePublished": "2024-04-16T05:54:12.786Z", "assignerShortName": "vmware"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Applications that use UriComponentsBuilder\u00a0to parse an externally provided URL (e.g. through a query parameter) AND\u00a0perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html \u00a0attack or to a SSRF attack if the URL is used after passing validation checks.\n\nThis is the same as CVE-2024-22259 https://spring.io/security/cve-2024-22259 \u00a0and CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input.\n\n"}, {"lang": "es", "value": "Las aplicaciones que utilizan UriComponentsBuilder para analizar una URL proporcionada externamente (por ejemplo, a trav\u00e9s de un par\u00e1metro de consulta) Y realizan comprobaciones de validaci\u00f3n en el host de la URL analizada pueden ser vulnerables a una redirecci\u00f3n abierta https://cwe.mitre.org/data/definitions/601 .html o a un ataque SSRF si la URL se utiliza despu\u00e9s de pasar las comprobaciones de validaci\u00f3n. Esto es lo mismo que CVE-2024-22259 https://spring.io/security/cve-2024-22259 y CVE-2024-22243 https://spring.io/security/cve-2024-22243, pero con diferentes aporte."}], "id": "CVE-2024-22262", "lastModified": "2024-08-27T14:35:01.160", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "security@vmware.com", "type": "Secondary"}]}, "published": "2024-04-16T06:15:46.270", "references": [{"source": "security@vmware.com", "url": "https://security.netapp.com/advisory/ntap-20240524-0003/"}, {"source": "security@vmware.com", "url": "https://spring.io/security/cve-2024-22262"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}, {"lang": "en", "value": "CWE-918"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:3708", "cpe": "cpe:/a:redhat:apache_camel_spring_boot:3.20.6", "package": "springframework", "product_name": "Red Hat build of Apache Camel 3.20.6 for Spring Boot", "release_date": "2024-06-06T00:00:00Z"}], "bugzilla": {"description": "springframework: URL Parsing with Host Validation", "id": "2275257", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275257"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "status": "verified"}, "cwe": "CWE-601", "details": ["Applications that use UriComponentsBuilder\u00a0to parse an externally provided URL (e.g. through a query parameter) AND\u00a0perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html \u00a0attack or to a SSRF attack if the URL is used after passing validation checks.\nThis is the same as CVE-2024-22259 https://spring.io/security/cve-2024-22259 \u00a0and CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input.", "A flaw was found in the Spring Framework. Applications that use UriComponentsBuilder to parse an externally provided URL, for example, through a query parameter, and perform validation checks on the host of the parsed URL may be vulnerable to an open redirect attack or an SSRF attack if the URL is used after passing validation checks."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-22262", "package_state": [{"cpe": "cpe:/a:redhat:a_mq_clients:2", "fix_state": "Not affected", "package_name": "springframework", "product_name": "A-MQ Clients 2"}, {"cpe": "cpe:/a:redhat:camel_spring_boot:3", "fix_state": "Affected", "package_name": "springframework", "product_name": "Red Hat build of Apache Camel for Spring Boot"}, {"cpe": "cpe:/a:redhat:rhboac_hawtio:4", "fix_state": "Affected", "package_name": "springframework", "product_name": "Red Hat build of Apache Camel - HawtIO"}, {"cpe": "cpe:/a:redhat:build_keycloak:", "fix_state": "Not affected", "package_name": "springframework", "product_name": "Red Hat Build of Keycloak"}, {"cpe": "cpe:/a:redhat:optaplanner:::el6", "fix_state": "Not affected", "package_name": "springframework", "product_name": "Red Hat build of OptaPlanner 8"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Not affected", "package_name": "springframework", "product_name": "Red Hat Integration Camel K"}, {"cpe": "cpe:/a:redhat:amq_broker:7", "fix_state": "Not affected", "package_name": "springframework", "product_name": "Red Hat JBoss A-MQ 7"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Affected", "impact": "moderate", "package_name": "springframework", "product_name": "Red Hat JBoss Fuse 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Not affected", "package_name": "springframework", "product_name": "Red Hat Process Automation 7"}, {"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "fix_state": "Affected", "package_name": "springframework", "product_name": "Red Hat Single Sign-On 7"}, {"cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0", "fix_state": "Affected", "package_name": "springframework", "product_name": "Red Hat support for Spring Boot"}, {"cpe": "cpe:/a:redhat:amq_streams:1", "fix_state": "Not affected", "package_name": "springframework", "product_name": "streams for Apache Kafka"}], "public_date": "2024-04-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-22262\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-22262\nhttps://spring.io/security/cve-2024-22262"], "statement": "Red Hat Fuse 7 does not use the affected function, but the function is still available for user convenience which demands one to validate the input.", "threat_severity": "Important", "upstream_fix": "springframework 6.1.6, springframework 6.0.19, springframework 5.3.34"}