PT-2018-13182 · Cloud Foundry · Cloud Foundry Uaa

Florian Tack

Published

2018-12-13

Updated

2019-10-09

CVE-2018-15754

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Cloud Foundry UAA versions prior to 66.0

Description The issue concerns an authorization logic error in environments with multiple identity providers where accounts have the same username across different providers. A remote authenticated user with access to one account may be able to obtain a token for an account with the same username in another identity provider.

Recommendations For versions prior to 66.0, update to version 66.0 or later to resolve the issue.

Fix

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

CVE-2018-15754

Affected Products

Cloud Foundry Uaa

PT-2018-13182 · Cloud Foundry · Cloud Foundry Uaa

CVE-2018-15754

Weakness Enumeration

Related Identifiers

Affected Products

References · 4