Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-y82q-fr9b-gyf2

Summary

spring-security-oauth2-client vulnerable to Privilege Escalation
Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client (via the browser) to the Authorization Server which can lead to a privilege escalation on the subsequent approval. This scenario can happen if the Authorization Server responds with an OAuth2 Access Token Response containing an empty scope list (per RFC 6749, Section 5.1) on the subsequent request to the token endpoint to obtain the access token.

Aliases

alias	CVE-2022-31690

alias	GHSA-32vj-v39g-jh23

Fixed_packages

url	pkg:maven/org.springframework.security/spring-security-oauth2-client@5.6.9
purl	pkg:maven/org.springframework.security/spring-security-oauth2-client@5.6.9
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.6.9

url	pkg:maven/org.springframework.security/spring-security-oauth2-client@5.7.5
purl	pkg:maven/org.springframework.security/spring-security-oauth2-client@5.7.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.7.5

Affected_packages

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.0.0.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.0.0.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.0.0.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.0.1.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.0.1.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.0.1.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.0.2.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.0.2.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.0.2.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.0.3.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.0.3.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.0.3.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.0.4.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.0.4.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.0.4.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.0.5.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.0.5.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.0.5.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.0.6.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.0.6.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.0.6.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.0.7.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.0.7.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.0.7.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.0.8.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.0.8.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.0.8.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.0.9.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.0.9.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.0.9.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.0.10.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.0.10.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.0.10.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.0.11.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.0.11.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.0.11.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.0.12.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.0.12.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.0.12.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.0.13.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.0.13.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.0.13.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.0.14.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.0.14.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.0.14.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.0.15.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.0.15.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.0.15.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.0.16.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.0.16.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.0.16.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.0.17.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.0.17.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.0.17.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.0.18.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.0.18.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.0.18.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.0.19.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.0.19.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.0.19.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.1.0.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.1.0.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.1.0.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.1.1.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.1.1.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.1.1.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.1.2.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.1.2.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.1.2.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.1.3.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.1.3.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.1.3.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.1.4.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.1.4.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.1.4.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.1.5.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.1.5.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.1.5.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.1.6.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.1.6.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.1.6.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.1.7.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.1.7.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.1.7.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.1.8.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.1.8.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.1.8.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.1.9.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.1.9.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.1.9.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.1.10.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.1.10.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.1.10.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.1.11.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.1.11.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.1.11.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.1.12.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.1.12.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.1.12.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.1.13.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.1.13.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.1.13.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.2.0.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.2.0.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.2.0.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.2.1.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.2.1.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.2.1.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.2.2.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.2.2.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.2.2.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.2.3.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.2.3.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.2.3.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.2.4.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.2.4.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.2.4.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.2.5.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.2.5.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.2.5.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.2.6.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.2.6.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.2.6.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.2.7.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.2.7.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.2.7.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.2.8.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.2.8.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.2.8.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.2.9.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.2.9.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.2.9.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.2.10.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.2.10.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.2.10.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.2.11.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.2.11.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.2.11.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.2.12.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.2.12.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.2.12.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.2.13.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.2.13.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.2.13.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.2.14.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.2.14.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.2.14.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.2.15.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.2.15.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.2.15.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.3.0.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.3.0.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.3.0.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.3.1.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.3.1.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.3.1.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.3.2.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.3.2.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.3.2.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.3.3.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.3.3.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.3.3.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.3.4.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.3.4.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.3.4.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.3.5.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.3.5.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.3.5.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.3.6.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.3.6.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.3.6.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.3.7.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.3.7.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.3.7.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.3.8.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.3.8.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.3.8.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.3.9.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.3.9.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.3.9.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.3.10.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.3.10.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.3.10.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.3.11.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.3.11.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.3.11.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.3.12.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.3.12.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.3.12.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.3.13.RELEASE

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.3.13.RELEASE

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.3.13.RELEASE

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.4.0

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

vulnerability	VCID-ykkv-ahjn-d7eb

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.4.0

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.4.1

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.4.1

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.4.2

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.4.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.4.2

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.4.3

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.4.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.4.3

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.4.4

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.4.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.4.4

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.4.5

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.4.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.4.5

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.4.6

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.4.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.4.6

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.4.7

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.4.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.4.7

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.4.8

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.4.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.4.8

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.4.9

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.4.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.4.9

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.4.10

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.4.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.4.10

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.4.11

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.4.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.4.11

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.5.0

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

vulnerability	VCID-ykkv-ahjn-d7eb

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.5.0

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.5.1

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.5.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.5.1

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.5.2

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.5.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.5.2

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.5.3

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.5.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.5.3

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.5.4

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.5.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.5.4

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.5.5

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.5.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.5.5

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.5.6

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.5.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.5.6

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.5.7

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.5.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.5.7

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.5.8

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.5.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.5.8

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.6.0

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.6.0

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.6.1

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.6.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.6.1

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.6.2

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.6.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.6.2

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.6.3

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.6.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.6.3

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.6.4

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.6.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.6.4

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.6.5

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.6.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.6.5

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.6.6

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.6.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.6.6

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.6.7

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.6.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.6.7

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.6.8

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.6.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.6.8

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.7.0

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.7.0

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.7.1

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.7.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.7.1

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.7.2

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.7.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.7.2

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.7.3

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.7.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.7.3

url pkg:maven/org.springframework.security/spring-security-oauth2-client@5.7.4

purl pkg:maven/org.springframework.security/spring-security-oauth2-client@5.7.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-oauth2-client@5.7.4

url pkg:rpm/redhat/jenkins@2.387.1.1680701869-1?arch=el8

purl pkg:rpm/redhat/jenkins@2.387.1.1680701869-1?arch=el8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-432r-ukuw-4bgt

vulnerability	VCID-6925-fwf4-f7df

vulnerability	VCID-betz-7kth-p3cr

vulnerability	VCID-r15d-pzfc-3fg7

vulnerability	VCID-wyec-gfgc-4yfw

vulnerability	VCID-y82q-fr9b-gyf2

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins@2.387.1.1680701869-1%3Farch=el8

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31690.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31690.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-31690

reference_id

reference_type

scores

value	0.00313
scoring_system	epss
scoring_elements	0.54538
published_at	2026-05-14T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.5447
published_at	2026-05-12T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.54444
published_at	2026-05-11T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.54457
published_at	2026-04-26T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.54429
published_at	2026-05-07T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.54386
published_at	2026-05-05T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.54436
published_at	2026-04-29T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.54485
published_at	2026-05-09T12:55:00Z

value	0.00319
scoring_system	epss
scoring_elements	0.5492
published_at	2026-04-08T12:55:00Z

value	0.00319
scoring_system	epss
scoring_elements	0.54876
published_at	2026-04-02T12:55:00Z

value	0.00319
scoring_system	epss
scoring_elements	0.54901
published_at	2026-04-04T12:55:00Z

value	0.00319
scoring_system	epss
scoring_elements	0.54871
published_at	2026-04-07T12:55:00Z

value	0.00361
scoring_system	epss
scoring_elements	0.58248
published_at	2026-04-16T12:55:00Z

value	0.00361
scoring_system	epss
scoring_elements	0.5819
published_at	2026-04-24T12:55:00Z

value	0.00361
scoring_system	epss
scoring_elements	0.58225
published_at	2026-04-21T12:55:00Z

value	0.00361
scoring_system	epss
scoring_elements	0.58251
published_at	2026-04-18T12:55:00Z

value	0.00361
scoring_system	epss
scoring_elements	0.58241
published_at	2026-04-09T12:55:00Z

value	0.00361
scoring_system	epss
scoring_elements	0.58259
published_at	2026-04-11T12:55:00Z

value	0.00361
scoring_system	epss
scoring_elements	0.58236
published_at	2026-04-12T12:55:00Z

value	0.00361
scoring_system	epss
scoring_elements	0.58216
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-31690

reference_url

https://github.com/spring-projects/spring-security-samples/blob/4638e1e428ee2ddab234199eb3b67b9c94dfa08b/servlet/spring-boot/java/oauth2/webclient/src/main/java/example/SecurityConfiguration.java#L48

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/spring-projects/spring-security-samples/blob/4638e1e428ee2ddab234199eb3b67b9c94dfa08b/servlet/spring-boot/java/oauth2/webclient/src/main/java/example/SecurityConfiguration.java#L48

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-31690

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-31690

reference_url

https://security.netapp.com/advisory/ntap-20221215-0010

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20221215-0010

reference_url

https://security.netapp.com/advisory/ntap-20221215-0010/

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:42:47Z/

url

https://security.netapp.com/advisory/ntap-20221215-0010/

reference_url

https://tanzu.vmware.com/security/cve-2022-31690

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:42:47Z/

url

https://tanzu.vmware.com/security/cve-2022-31690

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2162200
reference_id	2162200
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2162200

reference_url

https://github.com/advisories/GHSA-32vj-v39g-jh23

reference_id

GHSA-32vj-v39g-jh23

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-32vj-v39g-jh23

reference_url	https://access.redhat.com/errata/RHSA-2023:1285
reference_id	RHSA-2023:1285
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1285

reference_url	https://access.redhat.com/errata/RHSA-2023:1286
reference_id	RHSA-2023:1286
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1286

reference_url	https://access.redhat.com/errata/RHSA-2023:1655
reference_id	RHSA-2023:1655
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1655

reference_url	https://access.redhat.com/errata/RHSA-2023:2041
reference_id	RHSA-2023:2041
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2041

Weaknesses

cwe_id	269
name	Improper Privilege Management
description	The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score 7.0 - 8.9

Exploitability 0.5

Weighted_severity 8.0

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y82q-fr9b-gyf2

Vulnerability Instance