PT-2018-10261 · Cloud Foundry · Cloud Foundry Uaa+1

Published: 2018-06-25 · Updated: 2022-05-14 · CVE-2018-11041

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Cloud Foundry UAA versions later than 4.6.0 and prior to 4.19.0, excluding versions 4.10.1 and 4.7.5
uaa-release versions later than v48 and prior to v60, excluding versions v55.1 and v52.9

Description
The issue allows open redirects due to a lack of validation of redirect URL values on a form parameter used for internal redirects on the login page. A remote attacker can craft a malicious link that redirects users to arbitrary websites after a successful login attempt.

Recommendations
For Cloud Foundry UAA versions later than 4.6.0 and prior to 4.19.0, excluding versions 4.10.1 and 4.7.5, update to a version that includes the fix for this issue. For uaa-release versions later than v48 and prior to v60, excluding versions v55.1 and v52.9, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the login page or implementing additional validation on redirect URL values to minimize the risk of exploitation.
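As an added example (not UAA's own code), the following redirect-target validator illustrates the kind of check the recommendation above calls for: it accepts only in-application paths or hosts on an explicit allow list and otherwise falls back to a fixed default, covering the protocol-relative and backslash variants that a naive "starts with /" test misses. The default target and the allow-list contents are assumptions made for the example.

```python
from urllib.parse import urlsplit

# Assumed for this example: where a rejected redirect should land instead.
DEFAULT_TARGET = "/"
ALLOWED_SCHEMES = ("http", "https")


def is_safe_redirect(target, allowed_hosts=frozenset()):
    """True only if `target` is a local path or points at an explicitly allowed host."""
    # Reject empty values and control characters that some URL parsers silently strip.
    if not target or any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in target):
        return False
    # Browsers treat "\" like "/" in the authority position, so "/\evil.example"
    # would be followed as "//evil.example"; normalise before parsing.
    normalized = target.replace("\\", "/")
    try:
        parts = urlsplit(normalized)
    except ValueError:  # e.g. malformed IPv6 brackets in the authority
        return False
    if parts.scheme:
        # Absolute URL: only http(s) to a host on the allow list. "http:/evil"
        # has no authority in urlsplit's view but browsers still resolve it
        # remotely, so the missing netloc is rejected as well.
        if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.netloc:
            return False
        return parts.hostname in allowed_hosts
    if parts.netloc:
        # Protocol-relative "//host/path": same host rule as an absolute URL.
        return parts.hostname in allowed_hosts
    # Relative reference: require a path-absolute value ("/x"), never "//".
    return normalized.startswith("/") and not normalized.startswith("//")


def resolve_redirect(target, allowed_hosts=frozenset()):
    """Return `target` if it passes validation, otherwise the safe default."""
    return target if is_safe_redirect(target, allowed_hosts) else DEFAULT_TARGET
```

The allow list should stay empty unless the login flow genuinely needs to return users to another origin; every host added to it widens the redirect surface.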

Fix

Open Redirect


Weakness Enumeration

Related identifiers

CVE-2018-11041
GHSA-XH4M-99QP-W483

Affected products

Cloud Foundry Uaa
Uaa-Release