PT-2019-12217 · Cloud Foundry · Cloud Foundry Uaa

Yuval Avrahami · Published 2019-06-29 · Updated 2020-10-02 · CVE-2019-11268

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Cloud Foundry UAA versions prior to 73.3.0

Description

The issue concerns improper escaping in certain endpoints, allowing an authenticated malicious user with basic read privileges for one identity zone to extend those privileges to all other identity zones. This enables the malicious user to obtain private information on users, clients, and groups in all other identity zones.

Recommendations

For versions prior to 73.3.0, update to version 73.3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable endpoints to minimize the risk of exploitation. Additionally, limit the privileges of users with basic read access to prevent them from extending their access to other identity zones.

Fix

Information Disclosure

Improper Encoding or Escaping of Output

Weakness Enumeration

Related identifiers

CVE-2019-11268

Affected products

Cloud Foundry Uaa