admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 10:41:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-04-10 18:00:32 +00:00
parent 61ecb73d94
commit d26aae762f
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
1 changed files with 113 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

117
2025/22xxx/CVE-2025-22232.json
View File

@ -1,17 +1,126 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2025-22232", "ID": "CVE-2025-22232",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@vmware.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Spring Cloud Config Server may not use Vault token sent by clients using a X-CONFIG-TOKEN\u00a0header when making requests to Vault.\nYour application may be affected by this if the following are true:\n * You have Spring Vault on the classpath of your Spring Cloud Config Server and\n * You are using the X-CONFIG-TOKEN\u00a0header to send a Vault token to the Spring Cloud Config Server for the Config Server to use when making requests to Vault and\n * You are using the default Spring Vault SessionManager\u00a0implementation LifecycleAwareSessionManager\u00a0or a SessionManager\u00a0implementation that persists the Vault token such as SimpleSessionManager.\n\nIn this case the SessionManager\u00a0persists the first token it retrieves and will continue to use that token even if client requests to the Spring Cloud Config Server include a X-CONFIG-TOKEN\u00a0header with a different value.\nAffected Spring Products and Versions\nSpring Cloud Config:\n * 2.2.1.RELEASE - 4.2.1\n\n\nMitigation\nUsers of affected versions should upgrade to the corresponding fixed version.\n\nAffected version(s)Fix versionAvailability4.2.x4.2.2OSS4.1.x4.1.6OSS4.0.x4.0.10Commercial3.1.x3.1.10Commercial3.0.x4.1.6OSS2.2.x4.1.6OSS\nNOTE: Spring Cloud Config 3.0.x and 2.2.x are no longer under open source or commercial support. Users of these versions are encouraged to upgrade to a supported version.\n\nNo other mitigation steps are necessary."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication",
"cweId": "CWE-287"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Spring",
"product": {
"product_data": [
{
"product_name": "Spring Cloud Config",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.2.x",
"version_value": "4.2.2"
},
{
"version_affected": "<",
"version_name": "4.1.x",
"version_value": "4.1.6"
},
{
"version_affected": "<",
"version_name": "4.0.x",
"version_value": "4.0.10"
},
{
"version_affected": "<",
"version_name": "3.1.x",
"version_value": "3.1.10"
},
{
"version_affected": "<",
"version_name": "3.0.x",
"version_value": "4.1.6"
},
{
"version_affected": "<",
"version_name": "2.2.x",
"version_value": "4.1.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://spring.io/security/cve-2025-22232",
"refsource": "MISC",
"name": "https://spring.io/security/cve-2025-22232"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>If you cannot upgrade, then you can either:</p><ol><li>Remove Spring Vault from the classpath if it is not needed or</li><li>Implement your own <code>SessionManager</code>&nbsp;that does not persist the Vault token and provide a bean using that implementation in a <code>@Configuration</code>&nbsp;class. For example:</li></ol><br><tt><br>public class StatelessSessionManager implements SessionManager {<br><br>&nbsp; private final ClientAuthentication clientAuthentication;<br><br>&nbsp; private final ReentrantLock lock = new ReentrantLock();<br><br>&nbsp; public StatelessSessionManager(ClientAuthentication clientAuthentication) {<br>&nbsp; &nbsp; Assert.notNull(clientAuthentication, \"ClientAuthentication must not be null\");<br>&nbsp; &nbsp; this.clientAuthentication = clientAuthentication;<br>&nbsp; }<br><br>&nbsp; public VaultToken getSessionToken() {<br>&nbsp; &nbsp; this.lock.lock();<br>&nbsp; &nbsp; try {<br>&nbsp; &nbsp; &nbsp; return this.clientAuthentication.login();<br>&nbsp; &nbsp; }<br>&nbsp; &nbsp; finally {<br>&nbsp; &nbsp; &nbsp; this.lock.unlock();<br>&nbsp; &nbsp; }<br>&nbsp; }<br><br>}<br><br>@Configuration<br>public class MySessionManagerConfiguration extends SpringVaultClientConfiguration {<br><br>&nbsp; private final VaultEnvironmentProperties vaultProperties;<br><br>&nbsp; public MySessionManagerConfiguration(VaultEnvironmentProperties vaultProperties, ConfigTokenProvider configTokenProvider, List&lt;springvaultclientauthenticationprovider&gt; authProviders) {<br>&nbsp; &nbsp; super(vaultProperties, configTokenProvider, authProviders);<br>&nbsp; &nbsp; this.vaultProperties = vaultProperties;<br>&nbsp; }<br><br>&nbsp; @Bean<br>&nbsp; @Primary<br>&nbsp; public SessionManager sessionManager() {<br>&nbsp; &nbsp; if (vaultProperties.getAuthentication() == null &amp;&amp; !StringUtils.hasText(vaultProperties.getToken())) {<br>&nbsp; &nbsp; &nbsp; return new StatelessSessionManager(clientAuthentication());<br>&nbsp; &nbsp; }<br>&nbsp; &nbsp; return super.sessionManager();<br>&nbsp; }<br>}<br>&lt;/springvaultclientauthenticationprovider&gt;<br></tt><br>"
}
],
"value": "If you cannot upgrade, then you can either:\n\n * Remove Spring Vault from the classpath if it is not needed or\n * Implement your own SessionManager\u00a0that does not persist the Vault token and provide a bean using that implementation in a @Configuration\u00a0class. For example:\n\n\npublic class StatelessSessionManager implements SessionManager {\n\n\u00a0 private final ClientAuthentication clientAuthentication;\n\n\u00a0 private final ReentrantLock lock = new ReentrantLock();\n\n\u00a0 public StatelessSessionManager(ClientAuthentication clientAuthentication) {\n\u00a0 \u00a0 Assert.notNull(clientAuthentication, \"ClientAuthentication must not be null\");\n\u00a0 \u00a0 this.clientAuthentication = clientAuthentication;\n\u00a0 }\n\n\u00a0 public VaultToken getSessionToken() {\n\u00a0 \u00a0 this.lock.lock();\n\u00a0 \u00a0 try {\n\u00a0 \u00a0 \u00a0 return this.clientAuthentication.login();\n\u00a0 \u00a0 }\n\u00a0 \u00a0 finally {\n\u00a0 \u00a0 \u00a0 this.lock.unlock();\n\u00a0 \u00a0 }\n\u00a0 }\n\n}\n\n@Configuration\npublic class MySessionManagerConfiguration extends SpringVaultClientConfiguration {\n\n\u00a0 private final VaultEnvironmentProperties vaultProperties;\n\n\u00a0 public MySessionManagerConfiguration(VaultEnvironmentProperties vaultProperties, ConfigTokenProvider configTokenProvider, List<springvaultclientauthenticationprovider> authProviders) {\n\u00a0 \u00a0 super(vaultProperties, configTokenProvider, authProviders);\n\u00a0 \u00a0 this.vaultProperties = vaultProperties;\n\u00a0 }\n\n\u00a0 @Bean\n\u00a0 @Primary\n\u00a0 public SessionManager sessionManager() {\n\u00a0 \u00a0 if (vaultProperties.getAuthentication() == null && !StringUtils.hasText(vaultProperties.getToken())) {\n\u00a0 \u00a0 \u00a0 return new StatelessSessionManager(clientAuthentication());\n\u00a0 \u00a0 }\n\u00a0 \u00a0 return super.sessionManager();\n\u00a0 }\n}\n</springvaultclientauthenticationprovider>"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
} }
] ]
} }