CVE-2022-22969

Published: Apr 21, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client application. A malicious user or attacker can send multiple requests initiating the Authorization Request for the Authorization Code Grant, which has the potential of exhausting system resources using a single session. This vulnerability exposes OAuth 2.0 Client applications only.

Vendor: n/a

Product: Spring Security OAuth

Versions: affected, Spring Security OAuth 2.5.x prior to 2.5.2 and older unsupported versions
