An issue was discovered in Cloud Foundry Foundation Cloud Foundry release v252 and earlier versions, UAA stand-alone release v2.0.0 - v2.7.4.12 & v3.0.0 - v3.11.0, and UAA bosh release v26 & earlier versions. UAA is vulnerable to session fixation when configured to authenticate against external SAML or OpenID Connect based identity providers.
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HPivotal Software Cloud Foundry Cf Release
APPPivotal Software≤ 252Pivotal Software Cloud Foundry Uaa
APPPivotal Software2.0.0 – 2.7.4.123.0.0 – 3.11.0Pivotal Software Cloud Foundry Uaa Release
APPPivotal Software≤ 26
Related vulnerabilities
Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation e...
The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivota...
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime...
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v261; UAA release 2.x version...
Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x ...