CVE-2023-34042 - OpenCVE

The spring-security.xsd file inside the spring-security-config jar is world writable which means that if it were extracted it could be written by anyone with access to the file system. While there are no known exploits, this is an example of “CWE-732: Incorrect Permission Assignment for Critical Resource” and could result in an exploit. Users should update to the latest version of Spring Security to mitigate any future exploits found around this issue.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Vmware	Spring Security

Configuration 1 [-]

OR	cpe:2.3:a:vmware:spring_security::::::::
	cpe:2.3:a:vmware:spring_security::::::::
	cpe:2.3:a:vmware:spring_security::::::::
	cpe:2.3:a:vmware:spring_security:5.7.9:::::::*
	cpe:2.3:a:vmware:spring_security:5.7.10:::::::*

References

Link	Resource
https://spring.io/security/cve-2023-34042	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: vmware

Published: 2024-02-05T22:00:01.075Z

Updated: 2024-07-05T17:22:55.211Z

Reserved: 2023-05-25T17:21:56.202Z

Link: CVE-2023-34042

JSON object: View

NVD Information

Status : Analyzed

Published: 2024-02-05T22:15:55.210

Modified: 2024-02-12T20:45:24.537

Link: CVE-2023-34042

JSON object: View

Redhat Information

No data.

CWE

CWE-732

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-34042", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "state": "PUBLISHED", "assignerShortName": "vmware", "dateReserved": "2023-05-25T17:21:56.202Z", "datePublished": "2024-02-05T22:00:01.075Z", "dateUpdated": "2024-07-05T17:22:55.211Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Spring Security", "vendor": "N/A", "versions": [{"status": "affected", "version": "Spring Security 6.1.x prior to 6.1.4, Spring Security 6.0.x prior to 6.0.7, Spring Security 5.8.x prior to 5.8.7, Spring Security 5.7.x prior to 5.7.11"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n<div><p>The spring-security.xsd file inside the \nspring-security-config jar is world writable which means that if it were\n extracted it could be written by anyone with access to the file system.</p>\n<p>While there are no known exploits, this is an example of \u201cCWE-732: \nIncorrect Permission Assignment for Critical Resource\u201d and could result \nin an exploit. Users should update to the latest version of Spring \nSecurity to mitigate any future exploits found around this issue.</p></div>\n\n"}], "value": "The spring-security.xsd file inside the \nspring-security-config jar is world writable which means that if it were\n extracted it could be written by anyone with access to the file system.\n\n\nWhile there are no known exploits, this is an example of \u201cCWE-732: \nIncorrect Permission Assignment for Critical Resource\u201d and could result \nin an exploit. Users should update to the latest version of Spring \nSecurity to mitigate any future exploits found around this issue.\n\n\n\n\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"description": "Incorrect Permission Assignment for spring-security.xsd", "lang": "en"}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2024-02-05T22:00:01.075Z"}, "references": [{"url": "https://spring.io/security/cve-2023-34042"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-34042", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-06T16:00:46.931733Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T17:22:55.211Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "C39570F8-3624-4CC5-AFC0-E45B060BDEAF", "versionEndExcluding": "5.8.7", "versionStartIncluding": "5.8.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "D26A2C2D-651A-4696-A7EF-36172BDA70FE", "versionEndExcluding": "6.0.7", "versionStartIncluding": "6.0.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "1AA03FA3-ACE0-4B22-B084-DEC834EB2F5A", "versionEndExcluding": "6.1.4", "versionStartIncluding": "6.1.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:spring_security:5.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "61397AD3-0A8F-4B9A-9B66-E27CA64392A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:spring_security:5.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "E23F4313-761C-4A30-A891-156EFF583822", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The spring-security.xsd file inside the \nspring-security-config jar is world writable which means that if it were\n extracted it could be written by anyone with access to the file system.\n\n\nWhile there are no known exploits, this is an example of \u201cCWE-732: \nIncorrect Permission Assignment for Critical Resource\u201d and could result \nin an exploit. Users should update to the latest version of Spring \nSecurity to mitigate any future exploits found around this issue.\n\n\n\n\n\n"}, {"lang": "es", "value": "El archivo spring-security.xsd dentro del jar spring-security-config se puede escribir en todo el mundo, lo que significa que si se extrajera, cualquier persona con acceso al sistema de archivos podr\u00eda escribirlo. Si bien no se conocen exploits, este es un ejemplo de \"CWE-732: Asignaci\u00f3n de permisos incorrecta para recursos cr\u00edticos\" y podr\u00eda resultar en un exploit. Los usuarios deben actualizar a la \u00faltima versi\u00f3n de Spring Security para mitigar cualquier vulnerabilidad futura que se encuentre en torno a este problema."}], "id": "CVE-2023-34042", "lastModified": "2024-02-12T20:45:24.537", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 3.6, "source": "security@vmware.com", "type": "Secondary"}]}, "published": "2024-02-05T22:15:55.210", "references": [{"source": "security@vmware.com", "tags": ["Vendor Advisory"], "url": "https://spring.io/security/cve-2023-34042"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "nvd@nist.gov", "type": "Primary"}]}