PT-2019-12226 · Cloud Foundry · Cf Uaa
Amit Laish
·
Published
2019-09-26
·
Updated
2020-10-05
·
CVE-2019-11279
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
CF UAA versions prior to 74.1.0
Description
A remote malicious user can escalate their own privileges to any scope by submitting an array of requested scopes, allowing them to take control of UAA and the resources it controls.
Recommendations
For CF UAA versions prior to 74.1.0, update to version 74.1.0 or later to resolve the issue.
Fix
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cf Uaa