CVE-2018-15758: Improper Privilege Management

October 18, 2018 (updated October 3, 2019)

Spring Security OAuth are susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval endpoint that can modify the previously saved authorization request and lead to a privilege escalation on the subsequent approval.

References

www.securityfocus.com/bid/105687
nvd.nist.gov/vuln/detail/CVE-2018-15758
pivotal.io/security/cve-2018-15758

Code Behaviors & Features

Detect and mitigate CVE-2018-15758 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →