Cloud Foundry advisory CFOUNDRY:3AB1C9345B0053E693EFDE2D2D9EE7EE

CVE-2018-15754: UAA issues tokens across identity providers if users with matching usernames exist | Cloud Foundry

Published: 2018-12-10 00:00:00
Source: Cloud Foundry, www.cloudfoundry.org

CVSS2: 4 (AV:N/AC:L/Au:S/C:P/I:N/A:N)
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Authentication: SINGLE
  Confidentiality Impact: PARTIAL
  Integrity Impact: NONE
  Availability Impact: NONE

CVSS3: 8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: LOW
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH

EPSS: 0.002 (Percentile: 61.4%)

Severity

Medium

Vendor

Cloud Foundry Foundation

Affected Cloud Foundry Products and Versions

  • UAA release:
    • versions v60 prior to v66.0

Description

Cloud Foundry UAA, versions v60 prior to v66.0, contains an authorization logic error. In environments with multiple identity providers where accounts in different providers share the same username, a remote authenticated user with access to one of these accounts may be able to obtain a token for the account with the same username in the other identity provider.
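The description above is the advisory's entire technical content. The following added Python example is not UAA code and not from Cloud Foundry; it models the class of bug the advisory names: an account lookup keyed on username alone, next to one keyed on the pair (username, identity provider), plus an audit helper that lists usernames present in more than one provider, which is what an operator would want to inspect in a multi-provider deployment before and after upgrading. The User type, the function names and the sample directory are all constructed for the illustration; only the idea that each account carries an "origin" naming its provider follows UAA's own user model.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    """One account record (constructed model, not UAA's data structure).
    'origin' names the identity provider that owns the account."""
    user_id: str
    username: str
    origin: str


# Constructed sample directory: "alice" exists in two providers, "bob" in one.
DIRECTORY = [
    User("u-1001", "alice", "uaa"),
    User("u-2001", "alice", "ldap"),
    User("u-1002", "bob", "uaa"),
]


def resolve_username_only(directory, username):
    """Flawed resolution: returns the first account carrying this username and
    ignores which provider actually authenticated the caller. With duplicate
    usernames the token can be minted for another provider's account."""
    for user in directory:
        if user.username == username:
            return user
    return None


def resolve_username_and_origin(directory, username, origin):
    """Correct resolution: the account is identified by (username, origin),
    so a caller authenticated by 'ldap' can only resolve to the ldap account."""
    for user in directory:
        if user.username == username and user.origin == origin:
            return user
    return None


def cross_provider_collisions(directory):
    """Audit helper: usernames that exist in more than one identity provider,
    mapped to the sorted list of those providers. An empty result means the
    precondition for this class of bug is absent from the directory."""
    origins = defaultdict(set)
    for user in directory:
        origins[user.username].add(user.origin)
    return {name: sorted(provs) for name, provs in origins.items() if len(provs) > 1}


if __name__ == "__main__":
    # A caller that the ldap provider has just authenticated as "alice".
    print("username-only lookup   ->", resolve_username_only(DIRECTORY, "alice"))
    print("username+origin lookup ->", resolve_username_and_origin(DIRECTORY, "alice", "ldap"))
    print("usernames present in several providers:", cross_provider_collisions(DIRECTORY))
```

The username-only lookup hands the ldap-authenticated caller the uaa-owned record, which is the shape of the advisory's failure; the paired lookup returns the ldap account, and the audit helper shows which usernames would have been exposed.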

Mitigation

Users of affected versions should apply the following mitigations or upgrades:

  • UAA release v66.0

Credit

This issue was responsibly reported by Florian Tack and Torsten Luh of SAP.

History

2018-12-10: Initial vulnerability report published.

2018-02-28: Corrected credit section.
