Main Vulnerability Database Exploits ID:5919 - Exploit for Insufficient verification of data authenticity in Spring Security OAuth - CVE-2019-11269

ID:5919 - Exploit for Insufficient verification of data authenticity in Spring Security OAuth - CVE-2019-11269

Published: June 17, 2021

Vulnerability identifier: #VU18660

Vulnerability risk: Medium

CVE-ID: CVE-2019-11269

CWE-ID: CWE-345

Exploitation vector: Remote access

Vulnerable software:
Spring Security OAuth

Link to public exploit:

https://www.exploit-db.com/exploits/47000/

Vulnerability description

The vulnerability allows a remote attacker to redirect victims to arbitrary URL.

The vulnerability exists due to the application relies on the URL passed via the "redirect_uri" parameter. A remote attacker can create a specially crafted link that once clicked will cause the authorization server to redirect the resource owner user-agent to a URI under the control of the attacker after successful authentication. As a result the attacker can gain authorization code and bypass OAuth authentication.

Remediation

Install updates from vendor's website.

ID:5919 - Exploit for Insufficient verification of data authenticity in Spring Security OAuth - CVE-2019-11269

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human