Cloud Foundry UAA, versions 60 prior to 66.0, contain an authorization logic error. In environments with multiple identity providers that contain accounts across identity providers with the same username, a remote authenticated user with access to one of these accounts may be able to obtain a token for an account of the same username in the other identity provider.
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:NPivotal Software Cloud Foundry Uaa Release
APPPivotal Software60.0 – 66.0 (bez)
Related vulnerabilities
Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending “unknown.org” to a user's email address w...
Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege esc...
In Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7; UAA 4.5.x...
An issue was discovered in Cloud Foundry Foundation Cloud Foundry release v252 and earlier versions, UAA stand...
Cloud Foundry UAA version prior to 73.3.0, contain endpoints that contains improper escaping. An authenticated...