CVE-2011-2731

Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows attackers to gain privileges via a crafted thread.

Published: Dec 5, 2012
Updated: May 9, 2024
CVE: CVE-2011-2731
GHSA: GHSA-4644-hg35-55m9
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5.1
AV:N/AC:H/Au:N/C:P/I:P/A:P

CWEs:

CWE-362

Affected Software
References

Software	From	Fixed in
vmware / springsource_spring_security	3.0.0	3.0.0.x
vmware / springsource_spring_security	3.0.2	3.0.2.x
vmware / springsource_spring_security	2.0.3	2.0.3.x
vmware / springsource_spring_security	-	3.0.5.x
vmware / springsource_spring_security	-	2.0.6.x
vmware / springsource_spring_security	2.0.5	2.0.5.x
vmware / springsource_spring_security	2.0.2	2.0.2.x
vmware / springsource_spring_security	2.0.0	2.0.0.x
vmware / springsource_spring_security	3.0.3	3.0.3.x
vmware / springsource_spring_security	2.0.1	2.0.1.x
vmware / springsource_spring_security	3.0.1	3.0.1.x
vmware / springsource_spring_security	2.0.4	2.0.4.x
vmware / springsource_spring_security	3.0.4	3.0.4.x
org.springframework.security / spring-security-core	-	2.0.7
org.springframework.security / spring-security-core	3.0.0	3.0.6

Vulnerability Database

289,697

CVE-2011-2731