CVE-2018-1258: Incorrect Authorization

May 11, 2018 (updated October 3, 2019)

Spring Framework when used in combination with Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.

References

www.securityfocus.com/bid/104222
www.securitytracker.com/id/1041888
www.securitytracker.com/id/1041896
nvd.nist.gov/vuln/detail/CVE-2018-1258
pivotal.io/security/cve-2018-1258

Detect and mitigate CVE-2018-1258 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →