PT-2019-12218 · Cloud Foundry · Cloud Foundry Uaa

Yuval Avrahami

Published: 2019-08-05
Updated: 2020-10-02
CVE-2019-11270
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Cloud Foundry UAA versions prior to 73.4.0

Description: The issue allows a malicious client with the clients.write authority or scope to bypass restrictions and create clients with arbitrary scopes that the creator does not possess. This can lead to privilege escalation.

Recommendations: For Cloud Foundry UAA versions prior to 73.4.0, update to version 73.4.0 or later to resolve the issue. As a temporary workaround, restrict which clients hold the clients.write authority or scope, since only those clients can create clients and attempt the bypass.
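The check the fix has to enforce, shown as an added example rather than UAA's own code: a caller holding clients.write may only register a client whose scopes and authorities are a subset of its own. The two-field client record shape, the function names and the sample caller/request are assumptions constructed for illustration.

```python
from __future__ import annotations
from typing import Iterable


def _as_set(values: Iterable[str] | None) -> set[str]:
    """Treat a missing or empty field as no privileges at all."""
    return set(values or [])


def excess_privileges(creator: dict, request: dict) -> dict[str, set[str]]:
    """Return the requested scopes/authorities that the creator does not hold.

    `creator` and `request` carry optional "scope" and "authorities" lists;
    that shape is an assumption modelled on an OAuth client record, not
    UAA's schema. An empty result means the request stays within the
    creator's own privileges.
    """
    excess = {}
    for field in ("scope", "authorities"):
        missing = _as_set(request.get(field)) - _as_set(creator.get(field))
        if missing:
            excess[field] = missing
    return excess


def has_clients_write(creator: dict) -> bool:
    """The advisory's precondition: clients.write as scope or authority."""
    return "clients.write" in (_as_set(creator.get("scope"))
                               | _as_set(creator.get("authorities")))


def create_client_vulnerable(creator: dict, request: dict) -> bool:
    """Behaviour the advisory describes for versions before 73.4.0:
    clients.write alone is enough, whatever scopes the request asks for."""
    return has_clients_write(creator)


def create_client_hardened(creator: dict, request: dict) -> bool:
    """Hardened: clients.write AND nothing the creator does not itself hold."""
    return has_clients_write(creator) and not excess_privileges(creator, request)


# Constructed sample: a low-privilege caller tries to register a client
# carrying scim.write and uaa.admin, neither of which it holds itself.
CREATOR = {"scope": ["clients.write", "uaa.resource"], "authorities": ["clients.write"]}
REQUEST = {"client_id": "escalating-app",  # placeholder client name
           "scope": ["clients.write", "scim.write"],
           "authorities": ["uaa.admin"]}

if __name__ == "__main__":
    print("vulnerable accepts:", create_client_vulnerable(CREATOR, REQUEST))  # True
    print("hardened accepts:", create_client_hardened(CREATOR, REQUEST))      # False
    print("excess:", excess_privileges(CREATOR, REQUEST))
```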

Fix

Incorrect Permission

Improper Privilege Management


Weakness Enumeration

Related identifiers

CVE-2019-11270

Affected products

Cloud Foundry Uaa