HIGH🇬🇧 English

CVE-2019-3787

CVSS 8.3v3.0pub. 2019-06-19upd. 2024-11-21

Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending “unknown.org” to a user's email address when one is not provided and the user name does not contain an @ character. This domain is held by a private company, which leads to attack vectors including password recovery emails sent to a potentially fraudulent address. This would allow the attacker to gain complete control of the user's account.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
  • Pivotal Software Cloud Foundry Uaa Release

    APP
    Pivotal Software
    < 73.0.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2018-1262HIGH7.2ten sam produkt

Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege esc...

CVE-2018-1192HIGH8.8ten sam produkt

In Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7; UAA 4.5.x...

CVE-2017-4963HIGH8.1ten sam produkt

An issue was discovered in Cloud Foundry Foundation Cloud Foundry release v252 and earlier versions, UAA stand...

CVE-2019-11268MEDIUM4.3ten sam produkt

Cloud Foundry UAA version prior to 73.3.0, contain endpoints that contains improper escaping. An authenticated...

CVE-2018-15754MEDIUM4.2ten sam produkt

Cloud Foundry UAA, versions 60 prior to 66.0, contain an authorization logic error. In environments with multi...