Cloud Foundry Foundation
Cloud Foundry UAA, release versions prior to v64.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token with arbitrary scopes to escalate their privileges.
Users of affected versions should apply the following mitigations or upgrades:
This issue was responsibly reported by the UAA team.
2018-11-01: Initial vulnerability report published.