Spring gRPC SecurityContext leaks across requests on authorization failure
When an authenticated user is denied access to a gRPC method, their authenticated identity remains bound to the gRPC worker thread and can be inherited by a subsequent unauthenticated request on the same thread. This may allow the subsequent user to gain escalated permissions.
Affected versions:
Spring gRPC: 1.0.0 - 1.0.2 (fixed in 1.0.3). Older, unsupported versions are also affected.
Weakness: CWE-653: Improper Isolation or Compartmentalization
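As an added example (not Spring gRPC's own code), the defensive pattern the advisory implies: bind the caller's identity to the worker thread only for the duration of each step and clear it in a finally block on every path, including the denial path. It uses the plain gRPC Java interceptor API and Spring Security's SecurityContextHolder; the Authenticator and Authorizer interfaces are assumed stand-ins for an application's real authentication and authorization hooks.

```java
import io.grpc.ForwardingServerCallListener;
import io.grpc.Metadata;
import io.grpc.ServerCall;
import io.grpc.ServerCallHandler;
import io.grpc.ServerInterceptor;
import io.grpc.Status;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

public final class ScopedSecurityContextInterceptor implements ServerInterceptor {
    @FunctionalInterface public interface Authenticator { Authentication authenticate(Metadata headers); } // assumed hook
    @FunctionalInterface public interface Authorizer { boolean permits(Authentication auth, String method); } // assumed hook
    private final Authenticator authenticator;
    private final Authorizer authorizer;
    public ScopedSecurityContextInterceptor(Authenticator a, Authorizer z) { this.authenticator = a; this.authorizer = z; }

    @Override
    public <ReqT, RespT> ServerCall.Listener<ReqT> interceptCall(
            ServerCall<ReqT, RespT> call, Metadata headers, ServerCallHandler<ReqT, RespT> next) {
        Authentication auth = authenticator.authenticate(headers); // null when the caller is unauthenticated
        String method = call.getMethodDescriptor().getFullMethodName();
        // Decide authorization while bound, but leave nothing on the worker thread afterwards:
        // the finally block also runs on the denial path, which is the path the advisory describes.
        boolean permitted;
        try {
            SecurityContextHolder.getContext().setAuthentication(auth);
            permitted = authorizer.permits(auth, method);
        } finally {
            SecurityContextHolder.clearContext();
        }
        if (!permitted) {
            call.close(Status.PERMISSION_DENIED.withDescription("access denied"), new Metadata());
            return new ServerCall.Listener<ReqT>() {}; // no-op listener; the thread-local is already clear
        }
        // Later callbacks may run on any executor thread, so re-bind the identity around each one
        // and clear it again, instead of relying on a single set-at-start / clear-at-end.
        return new ForwardingServerCallListener.SimpleForwardingServerCallListener<ReqT>(next.startCall(call, headers)) {
            @Override public void onMessage(ReqT message) { bound(() -> super.onMessage(message)); }
            @Override public void onHalfClose() { bound(() -> super.onHalfClose()); }
            @Override public void onCancel() { bound(() -> super.onCancel()); }
            @Override public void onComplete() { bound(() -> super.onComplete()); }
            private void bound(Runnable callback) {
                SecurityContextHolder.getContext().setAuthentication(auth);
                try { callback.run(); } finally { SecurityContextHolder.clearContext(); }
            }
        };
    }
}
```

A unit test for such an interceptor should assert that SecurityContextHolder.getContext().getAuthentication() is null after a denied call returns, since that is the state the next request on the thread will observe.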
Metrics
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
Metrics Other Info
Impacts
CAPEC ID: N/A
Description: A subsequent request on the same gRPC worker thread may inherit a prior user’s authenticated identity after an authorization failure, enabling privilege escalation (CVSS v3.1: low confidentiality and integrity impact).