CVE-2017-4992

Name of the Vulnerable Software and Affected Versions Cloud Foundry Foundation cf-release versions prior to v261 UAA release 2.x versions prior to v2.7.4.17 UAA release 3.6.x versions prior to v3.6.11 UAA release 3.9.x versions prior to v3.9.13 UAA release versions prior to v4.2.0 UAA bosh release (uaa-release) 13.x versions prior to v13.15 UAA bosh release (uaa-release) 24.x versions prior to v24.10 UAA bosh release (uaa-release) 30.x versions prior to 30.3 UAA bosh release (uaa-release) versions prior to v37

Description The issue allows for privilege escalation through arbitrary password reset with user invitations. This can be exploited to gain unauthorized access to accounts.

Recommendations For Cloud Foundry Foundation cf-release versions prior to v261, update to version v261 or later. For UAA release 2.x versions prior to v2.7.4.17, update to version v2.7.4.17 or later. For UAA release 3.6.x versions prior to v3.6.11, update to version v3.6.11 or later. For UAA release 3.9.x versions prior to v3.9.13, update to version v3.9.13 or later. For UAA release versions prior to v4.2.0, update to version v4.2.0 or later. For UAA bosh release (uaa-release) 13.x versions prior to v13.15, update to version v13.15 or later. For UAA bosh release (uaa-release) 24.x versions prior to v24.10, update to version v24.10 or later. For UAA bosh release (uaa-release) 30.x versions prior to 30.3, update to version 30.3 or later. For UAA bosh release (uaa-release) versions prior to v37, update to version v37 or later.