PT-2023-17693 · Cloud Foundry · Cloud Foundry Uaa
Florian Tack · Published 2023-03-28 · Updated 2023-04-06 · CVE-2023-20903
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Cloud Foundry UAA (affected versions not specified)
Description: The issue concerns UAA refresh tokens issued on behalf of users from external identity providers. When an external identity provider linked to the UAA is deactivated, the UAA fails to reject refresh tokens issued on behalf of users from that identity provider. As a result, clients holding such refresh tokens can continue to access Cloud Foundry resources until the refresh token expires, which defaults to 30 days.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Insufficient Session Expiration
Related Identifiers: CVE-2023-20903
Affected Products: Cloud Foundry Uaa