MEDIUM🇬🇧 English

CVE-2019-11268

CVSS 4.3v3.1pub. 2019-07-11upd. 2024-11-21

Cloud Foundry UAA version prior to 73.3.0, contain endpoints that contains improper escaping. An authenticated malicious user with basic read privileges for one identity zone can extend those reading privileges to all other identity zones and obtain private information on users, clients, and groups in all other identity zones.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  • Pivotal Software Cloud Foundry Uaa Release

    APP
    Pivotal Software
    < 73.3.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2019-3787HIGH8.3ten sam produkt

Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending “unknown.org” to a user's email address w...

CVE-2018-1262HIGH7.2ten sam produkt

Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege esc...

CVE-2018-1192HIGH8.8ten sam produkt

In Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7; UAA 4.5.x...

CVE-2017-4963HIGH8.1ten sam produkt

An issue was discovered in Cloud Foundry Foundation Cloud Foundry release v252 and earlier versions, UAA stand...

CVE-2018-15754MEDIUM4.2ten sam produkt

Cloud Foundry UAA, versions 60 prior to 66.0, contain an authorization logic error. In environments with multi...