PT-2020-5502 · Spring · Spring Framework

Published: 2020-09-19 · Updated: 2023-03-01 · CVE-2020-5421

CVSS v3.1: 8.7 (High)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Spring Framework versions 4.3.0 through 4.3.28
Spring Framework versions 5.0.0 through 5.0.18
Spring Framework versions 5.1.0 through 5.1.17
Spring Framework versions 5.2.0 through 5.2.8
Description
The issue stems from improper privilege management in the Spring Framework. Successful exploitation may allow a remote attacker to compromise the confidentiality and integrity of protected information. The vulnerability is exploited by bypassing the framework's protection against Reflected File Download (RFD) attacks through the use of a jsessionid path parameter; whether the bypass succeeds depends on the browser used.
Recommendations
For Spring Framework versions 4.3.0 through 4.3.28, 5.0.0 through 5.0.18, 5.1.0 through 5.1.17, and 5.2.0 through 5.2.8, update to a version that includes the necessary security patches. As a temporary workaround, consider restricting access to the jsessionid path parameter to minimize the risk of exploitation.
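An added example of the temporary workaround above (editor's code, not part of the advisory or of the Spring project): a servlet filter that rejects any request whose path carries a jsessionid path parameter before it reaches Spring MVC. It assumes the application tracks sessions by cookie rather than by URL rewriting and uses the javax.servlet API of Spring 4.3/5.x; the class and method names are hypothetical.

```java
import java.io.IOException;
import java.util.Locale;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Hypothetical filter (not Spring's own code) that blocks requests whose
 * path carries a jsessionid path parameter, e.g. "/report;jsessionid=ABC".
 * Map it ahead of the DispatcherServlet so the check runs first.
 */
public class JsessionidPathParameterFilter implements Filter {

    /** True when the raw request URI contains ";jsessionid=" in any segment (case-insensitive). */
    static boolean hasJsessionidPathParameter(String requestUri) {
        if (requestUri == null) {
            return false;
        }
        // getRequestURI() returns the undecoded path without the query string,
        // so only path parameters are inspected here.
        return requestUri.toLowerCase(Locale.ROOT).contains(";jsessionid=");
    }

    @Override
    public void init(FilterConfig filterConfig) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        if (hasJsessionidPathParameter(request.getRequestURI())) {
            // Reject rather than rewrite: the session id is accepted from cookies only.
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Path parameters are not accepted");
            return;
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() { }
}
```

Register the filter in web.xml or through a FilterRegistrationBean with a higher precedence than the DispatcherServlet mapping. On Servlet 3.0+ containers, additionally setting the session tracking mode to COOKIE stops the container from emitting jsessionid URLs at all.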

Weakness Enumeration
Improper Privilege Management

Related Identifiers
BDU:2021-00919
CVE-2020-5421
GHSA-RV39-3QH7-9V7W

Affected Products
Spring Framework