{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13754?format=json","vulnerability_id":"VCID-p649-29wu-syh9","summary":"PlaintextPasswordEncoder authenticates encoded passwords that are null\nSpring Security supports plain text passwords using `PlaintextPasswordEncoder`. a malicious user (or attacker) can authenticate using a password of `null`.","aliases":[{"alias":"CVE-2019-11272"},{"alias":"GHSA-v33x-prhc-gph5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52577?format=json","purl":"pkg:maven/org.springframework/spring-core@4.3.0.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bbwa-qgqv-huhb"},{"vulnerability":"VCID-dr9b-x5uc-4kc7"},{"vulnerability":"VCID-gr6r-t7dy-j3bu"},{"vulnerability":"VCID-hcwq-23dr-gqac"},{"vulnerability":"VCID-hhez-uf3w-yqfa"},{"vulnerability":"VCID-mmyy-zjxr-wbe5"},{"vulnerability":"VCID-mqcm-hd3y-cka5"},{"vulnerability":"VCID-q4a6-q8e8-4bdx"},{"vulnerability":"VCID-yp5s-v1fw-tybv"},{"vulnerability":"VCID-ypb4-mywt-bfac"},{"vulnerability":"VCID-z75k-8ntp-bqh9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.3.0.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/57258?format=json","purl":"pkg:maven/org.springframework.security/spring-security-cas@4.2.13.RELEASE","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-cas@4.2.13.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/56744?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@4.2.13.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jfxp-d5zq-3kez"},{"vulnerability":"VCID-r4cw-fdw4-xfbx"},{"vulnerability":"VCID-tw54-bx43-4fgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@4.2.13.RELEASE"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/419260?format=json","purl":"pkg:maven/org.springframework/spring-core@4.2.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p649-29wu-syh9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.2.12"},{"url":"http://public2.vulnerablecode.io/api/packages/55747?format=json","purl":"pkg:maven/org.springframework/spring-core@4.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p649-29wu-syh9"},{"vulnerability":"VCID-txvq-kkgv-jufb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/55748?format=json","purl":"pkg:maven/org.springframework/spring-core@4.1.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p649-29wu-syh9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.1.5"},{"url":"http://public2.vulnerablecode.io/api/packages/55510?format=json","purl":"pkg:maven/org.springframework/spring-core@4.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dr9b-x5uc-4kc7"},{"vulnerability":"VCID-m3qs-d7va-vyhn"},{"vulnerability":"VCID-p649-29wu-syh9"},{"vulnerability":"VCID-rg5c-bu77-bkha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework/spring-core@4.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/56755?format=json","purl":"pkg:maven/org.springframework.security/spring-security-cas@4.2.0.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p649-29wu-syh9"},{"vulnerability":"VCID-rg5c-bu77-bkha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-cas@4.2.0.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/133960?format=json","purl":"pkg:maven/org.springframework.security/spring-security-cas@4.2.1.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p649-29wu-syh9"},{"vulnerability":"VCID-rg5c-bu77-bkha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-cas@4.2.1.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/133961?format=json","purl":"pkg:maven/org.springframework.security/spring-security-cas@4.2.2.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p649-29wu-syh9"},{"vulnerability":"VCID-rg5c-bu77-bkha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-cas@4.2.2.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/133962?format=json","purl":"pkg:maven/org.springframework.security/spring-security-cas@4.2.3.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p649-29wu-syh9"},{"vulnerability":"VCID-rg5c-bu77-bkha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-cas@4.2.3.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/133963?format=json","purl":"pkg:maven/org.springframework.security/spring-security-cas@4.2.4.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p649-29wu-syh9"},{"vulnerability":"VCID-rg5c-bu77-bkha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-cas@4.2.4.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/133964?format=json","purl":"pkg:maven/org.springframework.security/spring-security-cas@4.2.5.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p649-29wu-syh9"},{"vulnerability":"VCID-rg5c-bu77-bkha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-cas@4.2.5.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/133965?format=json","purl":"pkg:maven/org.springframework.security/spring-security-cas@4.2.6.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p649-29wu-syh9"},{"vulnerability":"VCID-rg5c-bu77-bkha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-cas@4.2.6.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/133966?format=json","purl":"pkg:maven/org.springframework.security/spring-security-cas@4.2.7.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p649-29wu-syh9"},{"vulnerability":"VCID-rg5c-bu77-bkha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-cas@4.2.7.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/133967?format=json","purl":"pkg:maven/org.springframework.security/spring-security-cas@4.2.8.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p649-29wu-syh9"},{"vulnerability":"VCID-rg5c-bu77-bkha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-cas@4.2.8.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/133968?format=json","purl":"pkg:maven/org.springframework.security/spring-security-cas@4.2.9.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p649-29wu-syh9"},{"vulnerability":"VCID-rg5c-bu77-bkha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-cas@4.2.9.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/133969?format=json","purl":"pkg:maven/org.springframework.security/spring-security-cas@4.2.10.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p649-29wu-syh9"},{"vulnerability":"VCID-rg5c-bu77-bkha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-cas@4.2.10.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/133970?format=json","purl":"pkg:maven/org.springframework.security/spring-security-cas@4.2.11.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p649-29wu-syh9"},{"vulnerability":"VCID-rg5c-bu77-bkha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-cas@4.2.11.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/56758?format=json","purl":"pkg:maven/org.springframework.security/spring-security-cas@4.2.12.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p649-29wu-syh9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-cas@4.2.12.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/52138?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@4.2.0.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jfxp-d5zq-3kez"},{"vulnerability":"VCID-mqcm-hd3y-cka5"},{"vulnerability":"VCID-p649-29wu-syh9"},{"vulnerability":"VCID-r4cw-fdw4-xfbx"},{"vulnerability":"VCID-rg5c-bu77-bkha"},{"vulnerability":"VCID-tw54-bx43-4fgq"},{"vulnerability":"VCID-yv65-r27g-qkdv"},{"vulnerability":"VCID-z6n9-bp24-vkgh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@4.2.0.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/52141?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@4.2.1.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jfxp-d5zq-3kez"},{"vulnerability":"VCID-mqcm-hd3y-cka5"},{"vulnerability":"VCID-p649-29wu-syh9"},{"vulnerability":"VCID-r4cw-fdw4-xfbx"},{"vulnerability":"VCID-rg5c-bu77-bkha"},{"vulnerability":"VCID-tw54-bx43-4fgq"},{"vulnerability":"VCID-yv65-r27g-qkdv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@4.2.1.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/76808?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@4.2.2.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jfxp-d5zq-3kez"},{"vulnerability":"VCID-mqcm-hd3y-cka5"},{"vulnerability":"VCID-p649-29wu-syh9"},{"vulnerability":"VCID-r4cw-fdw4-xfbx"},{"vulnerability":"VCID-rg5c-bu77-bkha"},{"vulnerability":"VCID-tw54-bx43-4fgq"},{"vulnerability":"VCID-yv65-r27g-qkdv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@4.2.2.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/54168?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@4.2.3.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jfxp-d5zq-3kez"},{"vulnerability":"VCID-mqcm-hd3y-cka5"},{"vulnerability":"VCID-p649-29wu-syh9"},{"vulnerability":"VCID-r4cw-fdw4-xfbx"},{"vulnerability":"VCID-rg5c-bu77-bkha"},{"vulnerability":"VCID-tw54-bx43-4fgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@4.2.3.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/54171?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@4.2.4.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jfxp-d5zq-3kez"},{"vulnerability":"VCID-p649-29wu-syh9"},{"vulnerability":"VCID-r4cw-fdw4-xfbx"},{"vulnerability":"VCID-rg5c-bu77-bkha"},{"vulnerability":"VCID-tw54-bx43-4fgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@4.2.4.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/133756?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@4.2.5.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jfxp-d5zq-3kez"},{"vulnerability":"VCID-p649-29wu-syh9"},{"vulnerability":"VCID-r4cw-fdw4-xfbx"},{"vulnerability":"VCID-rg5c-bu77-bkha"},{"vulnerability":"VCID-tw54-bx43-4fgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@4.2.5.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/133757?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@4.2.6.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jfxp-d5zq-3kez"},{"vulnerability":"VCID-p649-29wu-syh9"},{"vulnerability":"VCID-r4cw-fdw4-xfbx"},{"vulnerability":"VCID-rg5c-bu77-bkha"},{"vulnerability":"VCID-tw54-bx43-4fgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@4.2.6.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/133758?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@4.2.7.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jfxp-d5zq-3kez"},{"vulnerability":"VCID-p649-29wu-syh9"},{"vulnerability":"VCID-r4cw-fdw4-xfbx"},{"vulnerability":"VCID-rg5c-bu77-bkha"},{"vulnerability":"VCID-tw54-bx43-4fgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@4.2.7.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/133759?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@4.2.8.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jfxp-d5zq-3kez"},{"vulnerability":"VCID-p649-29wu-syh9"},{"vulnerability":"VCID-r4cw-fdw4-xfbx"},{"vulnerability":"VCID-rg5c-bu77-bkha"},{"vulnerability":"VCID-tw54-bx43-4fgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@4.2.8.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/133760?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@4.2.9.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jfxp-d5zq-3kez"},{"vulnerability":"VCID-p649-29wu-syh9"},{"vulnerability":"VCID-r4cw-fdw4-xfbx"},{"vulnerability":"VCID-rg5c-bu77-bkha"},{"vulnerability":"VCID-tw54-bx43-4fgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@4.2.9.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/133761?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@4.2.10.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jfxp-d5zq-3kez"},{"vulnerability":"VCID-p649-29wu-syh9"},{"vulnerability":"VCID-r4cw-fdw4-xfbx"},{"vulnerability":"VCID-rg5c-bu77-bkha"},{"vulnerability":"VCID-tw54-bx43-4fgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@4.2.10.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/133762?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@4.2.11.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jfxp-d5zq-3kez"},{"vulnerability":"VCID-p649-29wu-syh9"},{"vulnerability":"VCID-r4cw-fdw4-xfbx"},{"vulnerability":"VCID-rg5c-bu77-bkha"},{"vulnerability":"VCID-tw54-bx43-4fgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@4.2.11.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/74118?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@4.2.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p649-29wu-syh9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@4.2.12"},{"url":"http://public2.vulnerablecode.io/api/packages/57257?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@4.2.12.RELEASE","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jfxp-d5zq-3kez"},{"vulnerability":"VCID-p649-29wu-syh9"},{"vulnerability":"VCID-r4cw-fdw4-xfbx"},{"vulnerability":"VCID-tw54-bx43-4fgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@4.2.12.RELEASE"}],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11272","reference_id":"","reference_type":"","scores":[{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61431","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11272"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/07/msg00008.html","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/07/msg00008.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11272","reference_id":"CVE-2019-11272","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11272"},{"reference_url":"https://pivotal.io/security/cve-2019-11272","reference_id":"CVE-2019-11272","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pivotal.io/security/cve-2019-11272"},{"reference_url":"https://github.com/advisories/GHSA-v33x-prhc-gph5","reference_id":"GHSA-v33x-prhc-gph5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v33x-prhc-gph5"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":522,"name":"Insufficiently Protected Credentials","description":"The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."},{"cwe_id":287,"name":"Improper Authentication","description":"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct."}],"exploits":[],"severity_range_score":"7.0 - 8.9","exploitability":"0.5","weighted_severity":"8.0","risk_score":4.0,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p649-29wu-syh9"}