Lucene search
Cloud FoundryCFOUNDRY:7364D02BC019DB2C69FEC1E7A643E919HistoryFeb 02, 2016 - 12:00 a.m.
CVE-2016-0732 Privilege Escalation | Cloud Foundry
2016-02-0200:00:00
Cloud Foundry
www.cloudfoundry.org
44
0.002 Low
EPSS
Percentile
59.9%
CVE-2016-0732 Privilege Escalation
Critical
Vendor
Cloud Foundry Foundation
Versions Affected
- Cloud Foundry v208 through v229
- UAA v2.0.0 – v2.7.3 & v3.0.0
- UAA-Release v2 through v4
Description
A privilege elevation vulnerability has been identified with the identity zones feature of UAA. Users with the appropriate permissions in one zone can perform unauthorized operations on a different zone.
Mitigation
Users are strongly encouraged to follow one of the mitigations below:
- Upgrade to Cloud Foundry v230 [1] or later
- For standalone UAA users
- For users using UAA Version 3.0.0, please upgrade to UAA Release to v3.0.1 [3] or later
- For users using standalone UAA Version 2.X.X, please upgrade to UAA Release to v2.7.4 [2] or v3.0.1 [3]
- For users using UAA-Release (UAA bosh release), please upgrade to UAA-Release v5 [4]
Credit
Discovered by the GE Digital Security Team
References
- [1]
<https://github.com/cloudfoundry/cf-release/releases/tag/v230> - [2]
<https://github.com/cloudfoundry/uaa/releases/tag/2.7.4> - [3]
<https://github.com/cloudfoundry/uaa/releases/tag/3.0.1> - [4]
<https://github.com/cloudfoundry/uaa-release/releases/tag/v5>
History
2016-Feb-2: Initial vulnerability report published on VMware.io
2017-Sep-8: Report published on cloudfoundry.org
Related
cvelist
cvelist
CVE-2016-0732
2017-09-07 13:00:00
prion
prion
Information disclosure
2017-09-07 13:29:00
cve
cve
CVE-2016-0732
2017-09-07 13:29:00
osv
osv
CVE-2016-0732
2017-09-07 13:29:00
nvd
nvd
CVE-2016-0732
2017-09-07 13:29:00