Candidate: CVE-2018-1258
PublicDate: 2018-05-11 20:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1258
 https://pivotal.io/security/cve-2018-1258
Description:
 Spring Framework version 5.0.5 when used in combination with any versions
 of Spring Security contains an authorization bypass when using method
 security. An unauthorized malicious user can gain unauthorized access to
 methods that should be restricted.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [8.8 HIGH]
 nvd: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [8.8 HIGH]


Patches_libspring-security-2.0-java:
upstream_libspring-security-2.0-java: needs-triage
precise/esm_libspring-security-2.0-java: DNE
trusty_libspring-security-2.0-java: ignored (reached end-of-life)
trusty/esm_libspring-security-2.0-java: DNE (trusty was needs-triage)
xenial_libspring-security-2.0-java: DNE
artful_libspring-security-2.0-java: DNE
bionic_libspring-security-2.0-java: DNE
cosmic_libspring-security-2.0-java: DNE
disco_libspring-security-2.0-java: DNE
devel_libspring-security-2.0-java: DNE