PT-2018-13182 · Cloud Foundry · Cloud Foundry Uaa

Florian Tack

Publicado

2018-12-13

Atualizado

2019-10-09

CVE-2018-15754

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Cloud Foundry UAA versions prior to 66.0

Description The issue concerns an authorization logic error in environments with multiple identity providers where accounts have the same username across different providers. A remote authenticated user with access to one account may be able to obtain a token for an account with the same username in another identity provider.

Recommendations For versions prior to 66.0, update to version 66.0 or later to resolve the issue.

Correção

Incorrect Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-863

Identificadores relacionados

CVE-2018-15754

Produtos afetados

Cloud Foundry Uaa

PT-2018-13182 · Cloud Foundry · Cloud Foundry Uaa

CVE-2018-15754

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4