Title: CVE-2019-11272 @ Maven-org.springframework.security:spring-security-core-3.2.4.RELEASE · Issue #19 · DefenderForCodeOrg/astlab · GitHub
Open Graph Title: CVE-2019-11272 @ Maven-org.springframework.security:spring-security-core-3.2.4.RELEASE · Issue #19 · DefenderForCodeOrg/astlab
X Title: CVE-2019-11272 @ Maven-org.springframework.security:spring-security-core-3.2.4.RELEASE · Issue #19 · DefenderForCodeOrg/astlab
Description: Vulnerable Package issue exists @ Maven-org.springframework.security:spring-security-core-3.2.4.RELEASE in branch main Spring Security, versions through 4.2.12 support plain text passwords using PlaintextPasswordEncoder. If an applicatio...
Open Graph Description: Vulnerable Package issue exists @ Maven-org.springframework.security:spring-security-core-3.2.4.RELEASE in branch main Spring Security, versions through 4.2.12 support plain text passwords using Pl...
X Description: Vulnerable Package issue exists @ Maven-org.springframework.security:spring-security-core-3.2.4.RELEASE in branch main Spring Security, versions through 4.2.12 support plain text passwords using Pl...
Opengraph URL: https://github.com/DefenderForCodeOrg/astlab/issues/19
X: @github
Domain: github.com
{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"CVE-2019-11272 @ Maven-org.springframework.security:spring-security-core-3.2.4.RELEASE","articleBody":"**Vulnerable Package** issue exists @ **Maven\\-org\\.springframework\\.security:spring\\-security\\-core\\-3\\.2\\.4\\.RELEASE** in branch **main**\r\n\r\nSpring Security, versions through 4.2.12 support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null encoded password, a malicious user (or attacker) can authenticate using a password of \"null\".\r\n\r\n**Namespace:** James-AST\r\n**Repository:** astlab\r\n**Repository Url:** https://github.com/James-AST/astlab\r\n**CxAST\\-Project:** James-AST/astlab\r\n**CxAST platform scan:** [8d73a497\\-bbc7\\-4126\\-b536\\-ea634bc032dd](https://ast.checkmarx.net/projects/f9affdfe-1e7c-4bfc-a40a-f266cde328d3/scans?id=8d73a497-bbc7-4126-b536-ea634bc032dd\u0026branch=main)\r\n**Branch:** main\r\n**Application:** astlab\r\n**Severity:** HIGH\r\n**State:** NOT_IGNORED\r\n**Status:** RECURRENT\r\n**CWE:** CWE-255\r\n\r\n\r\n----\r\n**Addition Info**\r\n**Attack vector:** NETWORK\r\n**Attack complexity:** LOW\r\n**Confidentiality impact:** LOW\r\n**Availability impact:** LOW\r\n**Remediation Upgrade Recommendation:** 4.2.16.RELEASE\r\n\r\n\r\n----\r\n**References**\r\n[Advisory](https://pivotal.io/security/cve-2019-11272)\r\n[Commit](https://github.com/spring-projects/spring-security/commit/b2d4fec3617c497c5a8eb9c7e5270e0c7db293ee#diff-1077c52b04fb584eef7773921b93dd34)\r\n[Issue](https://github.com/spring-projects/spring-security/issues/7023)\r\n","author":{"url":"https://github.com/jbrotsos","@type":"Person","name":"jbrotsos"},"datePublished":"2022-04-26T16:35:55.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":0},"url":"https://github.com/19/astlab/issues/19"}
| route-pattern | /_view_fragments/issues/show/:user_id/:repository/:id/issue_layout(.:format) |
| route-controller | voltron_issues_fragments |
| route-action | issue_layout |
| fetch-nonce | v2:925a5d1b-6d1c-7741-c466-5f77029f5c8d |
| current-catalog-service-hash | 81bb79d38c15960b92d99bca9288a9108c7a47b18f2423d0f6438c5b7bcd2114 |
| request-id | 97AA:33661E:55994C:73A43D:6A5A7851 |
| html-safe-nonce | 9d8ef4ef089f9b57e19c1120d13784c71526d00b58b42a2fc5a90541541510da |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiI5N0FBOjMzNjYxRTo1NTk5NEM6NzNBNDNEOjZBNUE3ODUxIiwidmlzaXRvcl9pZCI6IjM1MTMxMTY5MDE1MzM5NzI1NjEiLCJyZWdpb25fZWRnZSI6ImlhZCIsInJlZ2lvbl9yZW5kZXIiOiJpYWQifQ== |
| visitor-hmac | f6ed611aa568895975e9693d2bec8f1791ea99a65ea53903fe190d6ec5c53a06 |
| hovercard-subject-tag | issue:1216210365 |
| github-keyboard-shortcuts | repository,issues,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/_view_fragments/issues/show/DefenderForCodeOrg/astlab/19/issue_layout |
| twitter:image | https://opengraph.githubassets.com/d2fa43e3ead6260639d1357b2369a7a8f5c5776f7bddca5a2d01d8464f89a618/DefenderForCodeOrg/astlab/issues/19 |
| twitter:card | summary_large_image |
| og:image | https://opengraph.githubassets.com/d2fa43e3ead6260639d1357b2369a7a8f5c5776f7bddca5a2d01d8464f89a618/DefenderForCodeOrg/astlab/issues/19 |
| og:image:alt | Vulnerable Package issue exists @ Maven-org.springframework.security:spring-security-core-3.2.4.RELEASE in branch main Spring Security, versions through 4.2.12 support plain text passwords using Pl... |
| og:image:width | 1200 |
| og:image:height | 600 |
| og:site_name | GitHub |
| og:type | object |
| og:author:username | jbrotsos |
| hostname | github.com |
| expected-hostname | github.com |
| None | 922bdba685ea48400234d557977f0e32d9adbae6f5125725b4f48cacc6801106 |
| turbo-cache-control | no-preview |
| go-import | github.com/DefenderForCodeOrg/astlab git https://github.com/DefenderForCodeOrg/astlab.git |
| octolytics-dimension-user_id | 83890223 |
| octolytics-dimension-user_login | DefenderForCodeOrg |
| octolytics-dimension-repository_id | 458868217 |
| octolytics-dimension-repository_nwo | DefenderForCodeOrg/astlab |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | false |
| octolytics-dimension-repository_network_root_id | 458868217 |
| octolytics-dimension-repository_network_root_nwo | DefenderForCodeOrg/astlab |
| turbo-body-classes | logged-out env-production page-responsive |
| disable-turbo | false |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | 0437efb828a4041956ce45d1f7fe69fff38926c7 |
| ui-target | full |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width