MEDIUM🇵🇱 Wersja polska

CVE-2018-15754

CVSS 4.2v3.0pub. 2018-12-13upd. 2024-11-21

Cloud Foundry UAA, versions 60 prior to 66.0, contain an authorization logic error. In environments with multiple identity providers that contain accounts across identity providers with the same username, a remote authenticated user with access to one of these accounts may be able to obtain a token for an account of the same username in the other identity provider.

CVSS Vector
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
  • Pivotal Software Cloud Foundry Uaa Release

    APP
    Pivotal Software
    60.0 – 66.0 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2019-3787HIGH8.3ten sam produkt

Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending “unknown.org” to a user's email address w...

CVE-2018-1262HIGH7.2ten sam produkt

Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege esc...

CVE-2018-1192HIGH8.8ten sam produkt

In Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7; UAA 4.5.x...

CVE-2017-4963HIGH8.1ten sam produkt

An issue was discovered in Cloud Foundry Foundation Cloud Foundry release v252 and earlier versions, UAA stand...

CVE-2019-11268MEDIUM4.3ten sam produkt

Cloud Foundry UAA version prior to 73.3.0, contain endpoints that contains improper escaping. An authenticated...