CVE-2019-3795 @ Maven-org.springframework.security:spring-security-core-3.2.4.RELEASE

Question

CVE-2019-3795 @ Maven-org.springframework.security:spring-security-core-3.2.4.RELEASE

Opened this issue 7 months ago · 0 comments

cristovaoolegario commented 7 months ago

Checkmarx (SCA): Vulnerable Package
Vulnerability: Read More about CVE-2019-3795
Checkmarx Project: cristovaoolegario/astlab
Repository URL: https://github.com/cristovaoolegario/astlab
Branch: main
Scan ID: 39e7da3c-31d5-48d8-8e52-19c01426aaab

Spring Security before version 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make the resulting random material available to an attacker for inspection.

Additional Info
Attack vector: NETWORK
Attack complexity: LOW
Confidentiality impact: LOW
Availability impact: NONE
Remediation Upgrade Recommendation: 5.7.12