PT-2019-16718 · Cloud Foundry · Cloud Foundry Uaa

Published: 2019-04-25 · Updated: 2019-10-09 · CVE-2019-3788

CVSS v3.1: 8.7 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Cloud Foundry UAA Release versions prior to 71.0
Description: The issue allows clients to be configured with an insecure redirect URI. A remote, unauthenticated attacker can craft a phishing link to obtain a UAA access code from the victim if a UAA client was configured with a wildcard in the subdomain of its redirect URI.
Recommendations: For versions prior to 71.0, update to version 71.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of wildcard subdomains in redirect URIs to minimize the risk of exploitation.
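The workaround above (restrict wildcard subdomains in registered redirect URIs) is something an operator can check for mechanically. The following is an added example, not code from Cloud Foundry UAA: it audits a set of client registrations for wildcards in the host part of a redirect URI and shows a strict, exact-match validator that refuses to honour wildcard entries. The client IDs, URIs and the `SAMPLE_CLIENTS` mapping are constructed sample data, and the matching rule is a generic strict policy, not UAA's own implementation.

```python
"""Audit OAuth client redirect URI registrations for wildcard subdomains and
validate a requested redirect_uri by exact match.

Added example, not Cloud Foundry UAA code. All client data below is constructed.
"""
from urllib.parse import urlsplit

# Constructed sample registrations (hypothetical): client_id -> registered URIs.
SAMPLE_CLIENTS = {
    "app-strict": ["https://app.example.com/callback"],
    "app-wildcard": ["https://*.example.com/callback"],
    "app-mixed": [
        "https://portal.example.com/login/callback",
        "https://*.tenant.example.com/callback",
    ],
}


def wildcard_in_host(uri):
    """True if the registered URI carries a wildcard in its host component,
    e.g. https://*.example.com/callback. Wildcards elsewhere are ignored here
    because the advisory's concern is the subdomain."""
    return "*" in urlsplit(uri).netloc


def audit_clients(clients):
    """Return (client_id, uri) pairs whose redirect URI has a wildcard host.
    These are the registrations the advisory's workaround says to restrict."""
    findings = []
    for client_id, uris in clients.items():
        for uri in uris:
            if wildcard_in_host(uri):
                findings.append((client_id, uri))
    return findings


def _normalize(uri):
    """Components compared for exact matching: scheme, host[:port], path, query.
    urlsplit already lowercases the scheme; the host is lowercased here."""
    parts = urlsplit(uri)
    return (parts.scheme, parts.netloc.lower(), parts.path, parts.query)


def redirect_uri_allowed(requested, registered):
    """Strict policy: the requested redirect_uri must equal a registered URI
    on scheme, host, port, path and query; fragments are rejected outright and
    wildcard registrations are never used for matching."""
    if urlsplit(requested).fragment:
        return False
    wanted = _normalize(requested)
    for uri in registered:
        if wildcard_in_host(uri):
            continue  # a wildcard entry is a finding, not a match target
        if _normalize(uri) == wanted:
            return True
    return False


if __name__ == "__main__":
    for client_id, uri in audit_clients(SAMPLE_CLIENTS):
        print(f"wildcard redirect host: client={client_id} uri={uri}")
    print(redirect_uri_allowed("https://app.example.com/callback",
                               SAMPLE_CLIENTS["app-strict"]))
```

Run against a real export of client registrations, `audit_clients` gives the list of entries to tighten to explicit hostnames; the validator shows what exact matching looks like once the wildcards are gone (a host that merely shares the registered parent domain no longer matches).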

Fix

Open Redirect


Weakness Enumeration

Related Identifiers: CVE-2019-3788

Affected Products: Cloud Foundry Uaa