Bug #22045: Spring security CVE-2022-31692 on oauth2 module - Authentication backends - Issue Tracker

Actions

Copy link

Bug #22045

closed

Rudder - Bug #22044: Spring-security is impacted by CVE-2022-31692

Spring security CVE-2022-31692 on oauth2 module

Added by François ARMAND about 2 years ago. Updated over 1 year ago.

Status:

Resolved

Priority:

N/A

Assignee:

François ARMAND

Target version:

Rudder plugins - 7.2

Pull Request:

Severity:

UX impact:

User visibility:

Effort required:

Priority:

Name check:

To do

Fix check:

To do

Regression:

Description

https://tanzu.vmware.com/security/cve-2022-31692

We are not impacted since we don't use spring security authorization. Still, we can update to be at the same version as parent project and avoid false positive.

Actions

Copy link

Updated by François ARMAND about 2 years ago

Status changed from New to In progress
Assignee set to François ARMAND

Actions

Copy link

Updated by François ARMAND about 2 years ago

Subject changed from Spring security CVE-2022-31692 on oauth2 module to Spring security CVE-2022-31692 on oauth2 module
Status changed from In progress to Resolved

It will be automatically resolved by parent, there is not specific version for oauth2 plugin, it uses rudder main one.

Actions

Copy link