Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token with arbitrary scopes that escalates their privileges.
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HPivotal Software Cloud Foundry Uaa
APPPivotal Software< 4.23.0Pivotal Software Cloudfoundry Uaa Release
APPPivotal Software< 64.0
Related vulnerabilities
The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivota...
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime...
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v261; UAA release 2.x version...
Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x ...
Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'c...