An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v261; UAA release 2.x versions prior to v2.7.4.17, 3.6.x versions prior to v3.6.11, 3.9.x versions prior to v3.9.13, and other versions prior to v4.2.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.15, 24.x versions prior to v24.10, 30.x versions prior to 30.3, and other versions prior to v37. There is privilege escalation (arbitrary password reset) with user invitations.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCloudfoundry Cf Release
APPCloudfoundry≤ 260Cloudfoundry Cloud Foundry Uaa Bosh
APPCloudfoundry13.113.1013.1113.1213.1313.1413.213.313.413.513.613.713.813.924+ 13 więcejPivotal Software Cloud Foundry Uaa
APPPivotal Software2.2.5.42.7.12.7.22.7.32.7.42.7.4.12.7.4.112.7.4.122.7.4.132.7.4.142.7.4.152.7.4.162.7.4.22.7.4.32.7.4.4+ 29 więcej
Powiązane podatności
Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation e...
Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using...
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime...
The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivota...
An issue was discovered in Cloud Foundry Foundation Cloud Foundry release versions prior to v245 and cf-mysql-...