Spring Security versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to an authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: (1) The application expects that Spring Security applies security to forward and include dispatcher types. (2) The application uses the AuthorizationFilter, either manually or via the authorizeHttpRequests() method. (3) The application configures the FilterChainProxy to apply to forward and/or include requests (e.g. spring.security.filter.dispatcher-types = request, error, async, forward, include). (4) The application may forward or include the request to a higher privilege-secured endpoint. (5) The application configures Spring Security to apply to every dispatcher type via authorizeHttpRequests().shouldFilterAllDispatcherTypes(true).
{ "binaries": [ { "binary_name": "libspring-aop-java", "binary_version": "4.3.30-1" }, { "binary_name": "libspring-beans-java", "binary_version": "4.3.30-1" }, { "binary_name": "libspring-context-java", "binary_version": "4.3.30-1" }, { "binary_name": "libspring-context-support-java", "binary_version": "4.3.30-1" }, { "binary_name": "libspring-core-java", "binary_version": "4.3.30-1" }, { "binary_name": "libspring-expression-java", "binary_version": "4.3.30-1" }, { "binary_name": "libspring-instrument-java", "binary_version": "4.3.30-1" }, { "binary_name": "libspring-jdbc-java", "binary_version": "4.3.30-1" }, { "binary_name": "libspring-jms-java", "binary_version": "4.3.30-1" }, { "binary_name": "libspring-messaging-java", "binary_version": "4.3.30-1" }, { "binary_name": "libspring-orm-java", "binary_version": "4.3.30-1" }, { "binary_name": "libspring-oxm-java", "binary_version": "4.3.30-1" }, { "binary_name": "libspring-test-java", "binary_version": "4.3.30-1" }, { "binary_name": "libspring-transaction-java", "binary_version": "4.3.30-1" }, { "binary_name": "libspring-web-java", "binary_version": "4.3.30-1" }, { "binary_name": "libspring-web-portlet-java", "binary_version": "4.3.30-1" }, { "binary_name": "libspring-web-servlet-java", "binary_version": "4.3.30-1" } ] }
{ "binaries": [ { "binary_name": "libspring-aop-java", "binary_version": "4.3.30-2" }, { "binary_name": "libspring-beans-java", "binary_version": "4.3.30-2" }, { "binary_name": "libspring-context-java", "binary_version": "4.3.30-2" }, { "binary_name": "libspring-context-support-java", "binary_version": "4.3.30-2" }, { "binary_name": "libspring-core-java", "binary_version": "4.3.30-2" }, { "binary_name": "libspring-expression-java", "binary_version": "4.3.30-2" }, { "binary_name": "libspring-instrument-java", "binary_version": "4.3.30-2" }, { "binary_name": "libspring-jdbc-java", "binary_version": "4.3.30-2" }, { "binary_name": "libspring-jms-java", "binary_version": "4.3.30-2" }, { "binary_name": "libspring-messaging-java", "binary_version": "4.3.30-2" }, { "binary_name": "libspring-orm-java", "binary_version": "4.3.30-2" }, { "binary_name": "libspring-oxm-java", "binary_version": "4.3.30-2" }, { "binary_name": "libspring-test-java", "binary_version": "4.3.30-2" }, { "binary_name": "libspring-transaction-java", "binary_version": "4.3.30-2" }, { "binary_name": "libspring-web-java", "binary_version": "4.3.30-2" }, { "binary_name": "libspring-web-portlet-java", "binary_version": "4.3.30-2" }, { "binary_name": "libspring-web-servlet-java", "binary_version": "4.3.30-2" } ] }
{ "binaries": [ { "binary_name": "libspring-aop-java", "binary_version": "4.3.30-2ubuntu1" }, { "binary_name": "libspring-beans-java", "binary_version": "4.3.30-2ubuntu1" }, { "binary_name": "libspring-context-java", "binary_version": "4.3.30-2ubuntu1" }, { "binary_name": "libspring-context-support-java", "binary_version": "4.3.30-2ubuntu1" }, { "binary_name": "libspring-core-java", "binary_version": "4.3.30-2ubuntu1" }, { "binary_name": "libspring-expression-java", "binary_version": "4.3.30-2ubuntu1" }, { "binary_name": "libspring-instrument-java", "binary_version": "4.3.30-2ubuntu1" }, { "binary_name": "libspring-jdbc-java", "binary_version": "4.3.30-2ubuntu1" }, { "binary_name": "libspring-jms-java", "binary_version": "4.3.30-2ubuntu1" }, { "binary_name": "libspring-messaging-java", "binary_version": "4.3.30-2ubuntu1" }, { "binary_name": "libspring-orm-java", "binary_version": "4.3.30-2ubuntu1" }, { "binary_name": "libspring-oxm-java", "binary_version": "4.3.30-2ubuntu1" }, { "binary_name": "libspring-test-java", "binary_version": "4.3.30-2ubuntu1" }, { "binary_name": "libspring-transaction-java", "binary_version": "4.3.30-2ubuntu1" }, { "binary_name": "libspring-web-java", "binary_version": "4.3.30-2ubuntu1" }, { "binary_name": "libspring-web-portlet-java", "binary_version": "4.3.30-2ubuntu1" }, { "binary_name": "libspring-web-servlet-java", "binary_version": "4.3.30-2ubuntu1" } ] }
{ "binaries": [ { "binary_name": "libspring-aop-java", "binary_version": "3.0.6.RELEASE-13ubuntu0.1~esm2" }, { "binary_name": "libspring-beans-java", "binary_version": "3.0.6.RELEASE-13ubuntu0.1~esm2" }, { "binary_name": "libspring-context-java", "binary_version": "3.0.6.RELEASE-13ubuntu0.1~esm2" }, { "binary_name": "libspring-context-support-java", "binary_version": "3.0.6.RELEASE-13ubuntu0.1~esm2" }, { "binary_name": "libspring-core-java", "binary_version": "3.0.6.RELEASE-13ubuntu0.1~esm2" }, { "binary_name": "libspring-expression-java", "binary_version": "3.0.6.RELEASE-13ubuntu0.1~esm2" }, { "binary_name": "libspring-instrument-java", "binary_version": "3.0.6.RELEASE-13ubuntu0.1~esm2" }, { "binary_name": "libspring-jdbc-java", "binary_version": "3.0.6.RELEASE-13ubuntu0.1~esm2" }, { "binary_name": "libspring-jms-java", "binary_version": "3.0.6.RELEASE-13ubuntu0.1~esm2" }, { "binary_name": "libspring-orm-java", "binary_version": "3.0.6.RELEASE-13ubuntu0.1~esm2" }, { "binary_name": "libspring-oxm-java", "binary_version": "3.0.6.RELEASE-13ubuntu0.1~esm2" }, { "binary_name": "libspring-test-java", "binary_version": "3.0.6.RELEASE-13ubuntu0.1~esm2" }, { "binary_name": "libspring-transaction-java", "binary_version": "3.0.6.RELEASE-13ubuntu0.1~esm2" }, { "binary_name": "libspring-web-java", "binary_version": "3.0.6.RELEASE-13ubuntu0.1~esm2" }, { "binary_name": "libspring-web-portlet-java", "binary_version": "3.0.6.RELEASE-13ubuntu0.1~esm2" }, { "binary_name": "libspring-web-servlet-java", "binary_version": "3.0.6.RELEASE-13ubuntu0.1~esm2" }, { "binary_name": "libspring-web-struts-java", "binary_version": "3.0.6.RELEASE-13ubuntu0.1~esm2" } ] }
{ "binaries": [ { "binary_name": "libspring-aop-java", "binary_version": "3.2.13-5ubuntu0.1~esm1" }, { "binary_name": "libspring-beans-java", "binary_version": "3.2.13-5ubuntu0.1~esm1" }, { "binary_name": "libspring-context-java", "binary_version": "3.2.13-5ubuntu0.1~esm1" }, { "binary_name": "libspring-context-support-java", "binary_version": "3.2.13-5ubuntu0.1~esm1" }, { "binary_name": "libspring-core-java", "binary_version": "3.2.13-5ubuntu0.1~esm1" }, { "binary_name": "libspring-expression-java", "binary_version": "3.2.13-5ubuntu0.1~esm1" }, { "binary_name": "libspring-instrument-java", "binary_version": "3.2.13-5ubuntu0.1~esm1" }, { "binary_name": "libspring-jdbc-java", "binary_version": "3.2.13-5ubuntu0.1~esm1" }, { "binary_name": "libspring-jms-java", "binary_version": "3.2.13-5ubuntu0.1~esm1" }, { "binary_name": "libspring-orm-java", "binary_version": "3.2.13-5ubuntu0.1~esm1" }, { "binary_name": "libspring-oxm-java", "binary_version": "3.2.13-5ubuntu0.1~esm1" }, { "binary_name": "libspring-test-java", "binary_version": "3.2.13-5ubuntu0.1~esm1" }, { "binary_name": "libspring-transaction-java", "binary_version": "3.2.13-5ubuntu0.1~esm1" }, { "binary_name": "libspring-web-java", "binary_version": "3.2.13-5ubuntu0.1~esm1" }, { "binary_name": "libspring-web-portlet-java", "binary_version": "3.2.13-5ubuntu0.1~esm1" }, { "binary_name": "libspring-web-servlet-java", "binary_version": "3.2.13-5ubuntu0.1~esm1" } ] }
{ "binaries": [ { "binary_name": "libspring-aop-java", "binary_version": "4.3.22-1~18.04.1~esm1" }, { "binary_name": "libspring-beans-java", "binary_version": "4.3.22-1~18.04.1~esm1" }, { "binary_name": "libspring-context-java", "binary_version": "4.3.22-1~18.04.1~esm1" }, { "binary_name": "libspring-context-support-java", "binary_version": "4.3.22-1~18.04.1~esm1" }, { "binary_name": "libspring-core-java", "binary_version": "4.3.22-1~18.04.1~esm1" }, { "binary_name": "libspring-expression-java", "binary_version": "4.3.22-1~18.04.1~esm1" }, { "binary_name": "libspring-instrument-java", "binary_version": "4.3.22-1~18.04.1~esm1" }, { "binary_name": "libspring-jdbc-java", "binary_version": "4.3.22-1~18.04.1~esm1" }, { "binary_name": "libspring-jms-java", "binary_version": "4.3.22-1~18.04.1~esm1" }, { "binary_name": "libspring-messaging-java", "binary_version": "4.3.22-1~18.04.1~esm1" }, { "binary_name": "libspring-orm-java", "binary_version": "4.3.22-1~18.04.1~esm1" }, { "binary_name": "libspring-oxm-java", "binary_version": "4.3.22-1~18.04.1~esm1" }, { "binary_name": "libspring-test-java", "binary_version": "4.3.22-1~18.04.1~esm1" }, { "binary_name": "libspring-transaction-java", "binary_version": "4.3.22-1~18.04.1~esm1" }, { "binary_name": "libspring-web-java", "binary_version": "4.3.22-1~18.04.1~esm1" }, { "binary_name": "libspring-web-portlet-java", "binary_version": "4.3.22-1~18.04.1~esm1" }, { "binary_name": "libspring-web-servlet-java", "binary_version": "4.3.22-1~18.04.1~esm1" } ] }
{ "binaries": [ { "binary_name": "libspring-aop-java", "binary_version": "4.3.22-4ubuntu0.1~esm1" }, { "binary_name": "libspring-beans-java", "binary_version": "4.3.22-4ubuntu0.1~esm1" }, { "binary_name": "libspring-context-java", "binary_version": "4.3.22-4ubuntu0.1~esm1" }, { "binary_name": "libspring-context-support-java", "binary_version": "4.3.22-4ubuntu0.1~esm1" }, { "binary_name": "libspring-core-java", "binary_version": "4.3.22-4ubuntu0.1~esm1" }, { "binary_name": "libspring-expression-java", "binary_version": "4.3.22-4ubuntu0.1~esm1" }, { "binary_name": "libspring-instrument-java", "binary_version": "4.3.22-4ubuntu0.1~esm1" }, { "binary_name": "libspring-jdbc-java", "binary_version": "4.3.22-4ubuntu0.1~esm1" }, { "binary_name": "libspring-jms-java", "binary_version": "4.3.22-4ubuntu0.1~esm1" }, { "binary_name": "libspring-messaging-java", "binary_version": "4.3.22-4ubuntu0.1~esm1" }, { "binary_name": "libspring-orm-java", "binary_version": "4.3.22-4ubuntu0.1~esm1" }, { "binary_name": "libspring-oxm-java", "binary_version": "4.3.22-4ubuntu0.1~esm1" }, { "binary_name": "libspring-test-java", "binary_version": "4.3.22-4ubuntu0.1~esm1" }, { "binary_name": "libspring-transaction-java", "binary_version": "4.3.22-4ubuntu0.1~esm1" }, { "binary_name": "libspring-web-java", "binary_version": "4.3.22-4ubuntu0.1~esm1" }, { "binary_name": "libspring-web-portlet-java", "binary_version": "4.3.22-4ubuntu0.1~esm1" }, { "binary_name": "libspring-web-servlet-java", "binary_version": "4.3.22-4ubuntu0.1~esm1" } ] }