What is CVE-2018-1258?

CVE-2018-1258 is a vulnerability in Pivotal Spring Framework. Published 2018-05-11.

Is CVE-2018-1258 known to be exploited?

8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Pivotal Spring Framework

CVE-2018-1258

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be…

EPSS: 0.003 (50.3th percentile) — read the EPSS interpretation.

Affected products

Pivotal Spring Framework — versions 5.0.5

Public proof-of-concept exploits

References

104222 (vdb-entry, x_refsource_BID)
1041888 (vdb-entry, x_refsource_SECTRACK)
1041896 (vdb-entry, x_refsource_SECTRACK)
RHSA-2019:2413 (x_refsource_REDHAT, vendor-advisory)
www.oracle.com/security-alerts/cpuapr2020.html (x_refsource_MISC)
www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html (x_refsource_CONFIRM)
www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html (x_refsource_CONFIRM)
www.oracle.com/security-alerts/cpujul2020.html (x_refsource_MISC)
www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html (x_refsource_CONFIRM)
www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html (x_refsource_MISC)

Frequently asked questions

What is CVE-2018-1258?: CVE-2018-1258 is a vulnerability in Pivotal Spring Framework. Published 2018-05-11.
Is CVE-2018-1258 known to be exploited?: 8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.