Vulnerabilities for 'Uaa release'

2019-04-25
 
CVE-2019-3801

CWE-20
 

 
Cloud Foundry cf-deployment, versions prior to 7.9.0, contains Java components that use an insecure protocol to fetch dependencies when building. A remote unauthenticated malicious attacker could hijack the DNS entry for the dependency and inject malicious code into the component.

 
 
CVE-2019-3788

CWE-601
 

 
Cloud Foundry UAA Release, versions prior to 71.0, allows clients to be configured with an insecure redirect URI. If a UAA client is configured with a wildcard in the redirect URI's subdomain, a remote malicious unauthenticated user can craft a phishing link to get a UAA access code from the victim.

 

Vendor: Cloudfoundry, 9 products
Capi-release
Cf-release
Cf-mysql-release
Routing-release
Bosh azure cpi
Uaa release
Routing release
Cf-deployment
Garden-runc


Copyright 2019, cxsecurity.com

 
