diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000000000000000000000000000000000000..dc54b7134ce6ea3f8fca021b2908aed5ce14b560
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,4 @@
+[submodule "cve/java-spring-security/2022/CVE-2022-22978/POC_environment"]
+ url = https://gitee.com/zhangqichen131/cve-2022-22978-poc-environment
+ path = cve/java-spring-security/2022/CVE-2022-22978/POC_environment
+
diff --git a/cve/java-spring-security/2022/CVE-2022-22978/POC_environment b/cve/java-spring-security/2022/CVE-2022-22978/POC_environment
new file mode 160000
index 0000000000000000000000000000000000000000..6fe163bfad94dea19984d85013c88d9586162a89
--- /dev/null
+++ b/cve/java-spring-security/2022/CVE-2022-22978/POC_environment
@@ -0,0 +1 @@
+Subproject commit 6fe163bfad94dea19984d85013c88d9586162a89
diff --git a/cve/java-spring-security/2022/CVE-2022-22978/README.md b/cve/java-spring-security/2022/CVE-2022-22978/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..d73d4d3c58ecd652c3bdd81a0cc42d1b9c396494
--- /dev/null
+++ b/cve/java-spring-security/2022/CVE-2022-22978/README.md
@@ -0,0 +1,12 @@
+### CVE-2022-22978 Spring-Security bypass Demo
+>在Spring Security中使用RegexRequestMatcher且规则中包含带点号的正则表达式时,攻击者可以通过构造恶意数据包绕过身份认证
+### 影响范围
+>Spring Security 5.5.x < 5.5.7
+Spring Security 5.6.x < 5.6.4
+### 复现
+![img.png](img.png)
+![img_1.png](img_1.png)
+### Paylaod
+>http://localhost:8080/admin/index%0a
+### Docker
+> docker pull s0cke3t/cve-2022-22978:latest
\ No newline at end of file
diff --git a/cve/java-spring-security/2022/CVE-2022-22978/img.png b/cve/java-spring-security/2022/CVE-2022-22978/img.png
new file mode 100644
index 0000000000000000000000000000000000000000..3cd0812251ae3e69ff81e7180dd78659ba1ff3ec
Binary files /dev/null and b/cve/java-spring-security/2022/CVE-2022-22978/img.png differ
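Review bot: The submodule `url` in the `.gitmodules` hunk points at a personal Gitee repository (`zhangqichen131/cve-2022-22978-poc-environment`), while the metadata added in this same commit names `https://github.com/DeEpinGh0st/CVE-2022-22978` as the source, so the provenance of the PoC environment that users will actually clone is not recorded anywhere. The gitlink added in the next file section pins commit `6fe163bfad94dea19984d85013c88d9586162a89`, which fixes the content that gets checked out, but availability and any later re-pin still depend on a third-party account. I would host the environment under the project's own namespace, or at least record the relationship with a comment above the section, e.g. `# mirror of <upstream URL>, reviewed at the pinned commit`. The empty line added at the end of the file can be dropped.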
diff --git a/cve/java-spring-security/2022/CVE-2022-22978/img_1.png b/cve/java-spring-security/2022/CVE-2022-22978/img_1.png
new file mode 100644
index 0000000000000000000000000000000000000000..7209864900bb1ff0df6a98b93d93f891a5414306
Binary files /dev/null and b/cve/java-spring-security/2022/CVE-2022-22978/img_1.png differ
diff --git a/cve/java-spring-security/2022/yaml/CVE-2022-22978.yaml b/cve/java-spring-security/2022/yaml/CVE-2022-22978.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..430b5e70481660950ae56c2511757b75d304fbc9
--- /dev/null
+++ b/cve/java-spring-security/2022/yaml/CVE-2022-22978.yaml
@@ -0,0 +1,22 @@
+id: CVE-2022-22978
+source:
+ https://github.com/DeEpinGh0st/CVE-2022-22978
+info:
+ name: Spring Security是一个能够为基于Spring的企业应用系统提供声明式的安全访问控制解决方案的安全框架。
+ severity: critical
+ description: |
+ 在Spring Security中使用RegexRequestMatcher且规则中包含带点号的正则表达式时,攻击者可以通过构造恶意数据包绕过身份认证。
+ scope-of-influence:
+ Spring Security 5.5.x prior to 5.5.75.5.6
+ Spring Security 5.6.x prior to 5.6.45.6.3
+ Spring Security Earlier unsupported versions
+ reference:
+ - https://nvd.nist.gov/vuln/detail/CVE-2022-22978
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.8
+ cve-id: CVE-2022-22978
+ cwe-id: CWE-863, CWE-285
+ cnvd-id: None
+ kve-id: None
+ tags: cve2022, spring-security
\ No newline at end of file
diff --git a/other_list.yaml b/other_list.yaml
index fc7663c89bd57e1472b6072d7ca583e1c6d5cb50..226fdef942597c06e165248ec87720bc4e9c2359 100644
--- a/other_list.yaml
+++ b/other_list.yaml
@@ -29,6 +29,8 @@ cve:
 - CVE-2021-1056
 java-spring-cloud-gateway:
 - CVE-2022-22947
+ java-spring-security:
+ - CVE-2022-22978
 apache-commons-text:
 - CVE-2022-42889
 unzip:
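Review bot: The `scope-of-influence` entries in `CVE-2022-22978.yaml` carry fused version strings, `5.5.75.5.6` and `5.6.45.6.3`, so the fixed releases cannot be read from the record; the README added in this commit gives `< 5.5.7` and `< 5.6.4`, and the entries should read `Spring Security 5.5.x prior to 5.5.7` and `Spring Security 5.6.x prior to 5.6.4`. As far as the collapsed indentation shows, the three entries are also written as one plain multi-line scalar, which YAML folds into a single string; a list with one `- ` item per entry, or a `|` block as already used for `description`, would keep them separate for anything that parses the file. `info.name` holds a sentence describing the framework rather than a name for the vulnerability, so listings built from it will not say what the entry is about; something like `Spring Security RegexRequestMatcher authorization bypass` would fit.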