Vulnerability CVE-2019-3788


Published: 2019-04-25

Description:
Cloud Foundry UAA Release, versions prior to 71.0, allows clients to be configured with an insecure redirect URI. Given a UAA client was configured with a wildcard in the redirect URI's subdomain, a remote malicious unauthenticated user can craft a phishing link to get a UAA access code from the victim.

Type: CWE-601 (URL Redirection to Untrusted Site ('Open Redirect'))

Vendor: Cloudfoundry
Product: Uaa release 
Version: 9.0, 8.0, 70.0, 7.0, 69.0, 68.0, 67.0, 66.0, 64.0, 63.0, 62.0, 61.0, 60.2, 60.0, 6.0, 59.0, 58.1, 58.0, 57.4, 57.3, 57.2, 57.1, 57.0, 56.0, 55.2, 55.1, 55.0, 54.0, 53.3, 53.2, 53.1, 53.0, 52.9, 52.8, 52.7, 52.6, 52.5, 52.4, 52.2, 52.10, 52.0, 51.0, 50.0, 5.0, 48.0, 45.9, 45.8, 45.7, 45.6, 45.5, 45.4, 45.3, 45.2, 45.11, 45.10, 45.0, 44.0, 43.0, 41.1, 41.0, 40.0, 4.0, 39.0, 38.0, 37.0, 36.0, 35.0, 34.3, 34.2, 34.1, 34.0, 33.0, 32.0, 31.0, 30.9, 30.8, 30.7, 30.6, 30.5, 30.4, 30.3, 30.2, 30.1, 30.0, 3.0, 29.0, 28.0, 27.0, 26.0, 25.0, 24.9, 24.8, 24.7, 24.6, 24.5, 24.4, 24.3, 24.2
See more versions on NVD

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:N)

CVSS Base Score: 5.8/10
Impact Subscore: 4.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: None

References:
https://www.cloudfoundry.org/blog/cve-2019-3788

Related CVE
CVE-2019-3801
Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an insecure protocol to fetch dependencies when building. A remote unauthenticated malicious attacker could hijack the DNS entry for the dependency, and inje...
CVE-2019-3789
Cloud Foundry Routing Release, all versions prior to 0.188.0, contains a vulnerability that can hijack the traffic to route services hosted outside the platform. A user with space developer permissions can create a private domain that shadows the ext...
CVE-2019-3798
Cloud Foundry Cloud Controller API Release, versions prior to 1.79.0, contains improper authentication when validating user permissions. A remote authenticated malicious user with the ability to create UAA clients and knowledge of the email of a vict...
CVE-2018-11084
Cloud Foundry Garden-runC release, versions prior to 1.16.1, prevents deletion of some app environments based on file attributes. A remote authenticated malicious user may create and delete apps with crafted file attributes to cause a denial of servi...
CVE-2016-0708
Applications deployed to Cloud Foundry, versions v166 through v227, may be vulnerable to a remote disclosure of information, including, but not limited to environment variables and bound service details. For applications to be vulnerable, they must h...
CVE-2016-2169
Cloud Foundry Cloud Controller, capi-release versions prior to 1.0.0 and cf-release versions prior to v237, contain a business logic flaw. An application developer may create an application with a route that conflicts with a platform service route an...
CVE-2016-6658
Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to the buildpack. Although it is not recommended, a user can specify a credential in the URL (basic auth or OAuth) to access...
CVE-2016-0713
Gorouter in Cloud Foundry cf-release v141 through v228 allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks via vectors related to modified requests.

Copyright 2019, cxsecurity.com
