Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. A zone administrator could configure their zone to issue tokens which impersonate another zone, granting up to admin privileges in the impersonated zone for clients performing offline token validation.
oryginał ENCVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HCloudfoundry Cf Deployment
APPCloudfoundry1.27.0 – 1.31.0Pivotal Software Cloud Foundry Uaa
APPPivotal Software4.12.04.12.14.12.24.13.04.13.14.13.24.13.34.13.4Pivotal Software Cloud Foundry Uaa Release
APPPivotal Software5757.158
Powiązane podatności
Starting with diego-release 2.55.0 and up to 2.69.0, and starting with CF Deployment 17.1 and up to 23.2.0, ap...
Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an insecure proto...
Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation e...
The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivota...
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime...