PT-2019-12226 · Cloud Foundry · Cf Uaa
Amit Laish
·
Publicado
2019-09-26
·
Atualizado
2020-10-05
·
CVE-2019-11279
CVSS v3.1
8.8
Alta
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
CF UAA versions prior to 74.1.0
Description
A remote malicious user can escalate their own privileges to any scope by submitting an array of requested scopes, allowing them to take control of UAA and the resources it controls.
Recommendations
For CF UAA versions prior to 74.1.0, update to version 74.1.0 or later to resolve the issue.
Correção
Command Injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Cf Uaa