RSS   Podatności dla 'Uaa release'   RSS

2019-09-26
 
CVE-2019-11279

CWE-269
 
 
CF UAA versions prior to 74.1.0 can request scopes for a client that shouldn't be allowed by submitting an array of requested scopes. A remote malicious user can escalate their own privileges to any scope, allowing them to take control of UAA and the resources it controls.

 
2019-04-25
 
CVE-2019-3801

CWE-20
 
 
Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an insecure protocol to fetch dependencies when building. A remote unauthenticated malicious attacker could hijack the DNS entry for the dependency, and inject malicious code into the component.

 
 
CVE-2019-3788

CWE-601
 
 
Cloud Foundry UAA Release, versions prior to 71.0, allows clients to be configured with an insecure redirect uri. Given a UAA client was configured with a wildcard in the redirect uri's subdomain, a remote malicious unauthenticated user can craft a phishing link to get a UAA access code from the victim.

 
2019-03-07
 
CVE-2019-3775

CWE-287
 
 
Cloud Foundry UAA, versions prior to v70.0, allows a user to update their own email address. A remote authenticated user can impersonate a different user by changing their email address to that of a different user.

 

 >>> Vendor: Cloudfoundry 18 Produkty
Cf-release
Capi-release
Bosh azure cpi
Cf-mysql-release
Routing-release
Staticfile buildpack
Cf-deployment
Uaa release
Routing release
Garden-runc
User account and authentication
Container runtime
Command line interface
Credhub cli
Stratos
Bosh backup and restore
Cloud controller
Routing

Copyright 2024, cxsecurity.com

 

Back to Top