CRITICAL🇵🇱 Wersja polska

CVE-2018-15761

CVSS 9.9v3.0pub. 2018-11-19upd. 2024-11-21

Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token with arbitrary scopes that escalates their privileges.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Pivotal Software Cloud Foundry Uaa

    APP
    Pivotal Software
    < 4.23.0
  • Pivotal Software Cloudfoundry Uaa Release

    APP
    Pivotal Software
    < 64.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
LPE
CWE
References

Related vulnerabilities

CVE-2015-5171CRITICAL9.8ten sam produkt

The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivota...

CVE-2015-5172CRITICAL9.8ten sam produkt

Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime...

CVE-2017-4992CRITICAL9.8ten sam produkt

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v261; UAA release 2.x version...

CVE-2016-6637CRITICAL9.6ten sam produkt

Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x ...

CVE-2019-11270HIGH7.5ten sam produkt

Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'c...