Cloud Foundry UAA version prior to 73.3.0, contain endpoints that contains improper escaping. An authenticated malicious user with basic read privileges for one identity zone can extend those reading privileges to all other identity zones and obtain private information on users, clients, and groups in all other identity zones.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NPivotal Software Cloud Foundry Uaa Release
APPPivotal Software< 73.3.0
Powiązane podatności
Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending “unknown.org” to a user's email address w...
Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege esc...
In Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7; UAA 4.5.x...
An issue was discovered in Cloud Foundry Foundation Cloud Foundry release v252 and earlier versions, UAA stand...
Cloud Foundry UAA, versions 60 prior to 66.0, contain an authorization logic error. In environments with multi...