CVE-2016-6651 Privilege Escalation in UAA | Cloud Foundry

2016-09-26T00:00:00
ID CFOUNDRY:89B8900BFBC96C500EAF6D860966D73F
Type cloudfoundry
Reporter Cloud Foundry
Modified 2016-09-26T00:00:00

Description

CVE-2016-6651 Privilege Escalation in UAA

Severity

High

Vendor

Cloud Foundry Foundation

Versions Affected

  • Cloud Foundry release v242 and earlier versions
  • UAA release v3.7.0 & earlier versions
  • UAA bosh release (uaa-release) v16 & earlier versions

Description

A privilege escalation vulnerability has been identified in the /oauth/token endpoint of UAA. It allows a user to obtain an access token that carries more privileges than the user is entitled to.

Mitigation

OSS users are strongly encouraged to follow one of the mitigations below:

  • Upgrade to Cloud Foundry v243 [1] or later

For standalone UAA users:

  • For users running UAA 3.0.0 through 3.7.0, upgrade to UAA release v3.7.3 [2], v3.4.5 [3] or v3.3.0.6 [4]
  • For users running standalone UAA 2.x, upgrade to UAA release v2.7.4.8 [5]
  • For users deploying the UAA bosh release, upgrade to uaa-release v17 [6] when moving to v3.7.3 [2], v12.6 [7] when moving to v3.4.5 [3], or v11.7 [8] when moving to v3.3.0.6 [4]
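The following triage helper is an added example and is not part of the Cloud Foundry advisory or the UAA project. It encodes the affected and fixed versions listed above and reports which upgrade target applies to a running UAA. Assumptions that the advisory does not state: that v3.3.0.6 is the fix for the 3.3.x line and v3.4.5 for the 3.4.x line (with v3.7.3 for every other install from 3.0.0 to 3.7.0), that any version below the fix for its line should be treated as needing the upgrade, that UAA 4.x and later postdate the fix, and that the optional `fetch_uaa_version` helper can read the deployed version from UAA's /info endpoint as `app.version`.

```python
"""Triage a running UAA version against the fix releases named in the
CVE-2016-6651 advisory (added example; not Cloud Foundry or UAA code)."""
import json
import sys
import urllib.request
from typing import Optional, Tuple

# Fixed standalone UAA releases from the advisory, keyed by release line.
# Assumption: v3.3.0.6 patches the 3.3.x line and v3.4.5 the 3.4.x line;
# every other 3.0.0-3.7.0 install goes to v3.7.3. 2.x goes to v2.7.4.8.
UAA_FIXES = {"2": "2.7.4.8", "3.3": "3.3.0.6", "3.4": "3.4.5", "3": "3.7.3"}

# uaa-release (BOSH) versions the advisory pairs with each standalone fix.
# No bosh release is named for the 2.x fix.
BOSH_FIXES = {"3.3.0.6": "v11.7", "3.4.5": "v12.6", "3.7.3": "v17"}


def parse_version(version: str) -> Tuple[int, ...]:
    """'v3.3.0.6' -> (3, 3, 0, 6). Tuple comparison orders a shorter prefix
    first, so (3, 3, 0) < (3, 3, 0, 6) as required for four-part releases."""
    return tuple(int(part) for part in version.strip().lstrip("v").split("."))


def triage(uaa_version: str) -> Optional[dict]:
    """Return the upgrade targets for an affected version, or None if the
    running version is at or past the fix for its release line."""
    running = parse_version(uaa_version)
    major = running[0]
    if major >= 4:
        return None  # assumption: later major lines postdate the fix
    if major == 2:
        line = "2"
    elif major == 3:
        if running[:2] == (3, 3):
            line = "3.3"
        elif running[:2] == (3, 4):
            line = "3.4"
        else:
            line = "3"
    else:
        raise ValueError(f"UAA {uaa_version}: release line not covered by the advisory")
    fix = UAA_FIXES[line]
    # The advisory lists <= 3.7.0 as affected; anything below its line's fix
    # is flagged here, which is the conservative reading.
    if running >= parse_version(fix):
        return None
    return {
        "running": uaa_version,
        "upgrade_uaa_to": fix,
        "upgrade_uaa_release_to": BOSH_FIXES.get(fix),
    }


def fetch_uaa_version(base_url: str, timeout: float = 5.0) -> str:
    """Read the deployed version from UAA's /info endpoint.
    Assumption: the JSON response carries it as app.version."""
    req = urllib.request.Request(
        base_url.rstrip("/") + "/info", headers={"Accept": "application/json"}
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)["app"]["version"]


if __name__ == "__main__":
    # Pass either a version string or a UAA base URL (e.g. https://uaa.example.com).
    arg = sys.argv[1] if len(sys.argv) > 1 else "3.7.0"
    version = fetch_uaa_version(arg) if arg.startswith("http") else arg
    print(triage(version) or f"UAA {version}: not affected by CVE-2016-6651")
```

Run it with a version string to check a known install offline, or with the UAA base URL to read the version from the deployment itself; after upgrading, a `None` result (printed as "not affected") confirms the running version is at or past the fix for its line.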

Credit

SAP HCP Security Team

References

  • [1] <https://github.com/cloudfoundry/cf-release/releases/tag/v243>
  • [2] <https://github.com/cloudfoundry/uaa/releases/tag/3.7.3>
  • [3] <https://github.com/cloudfoundry/uaa/releases/tag/3.4.5>
  • [4] <https://github.com/cloudfoundry/uaa/releases/tag/3.3.0.6>
  • [5] <https://github.com/cloudfoundry/uaa/releases/tag/2.7.4.8>
  • [6] <https://github.com/cloudfoundry/uaa-release/releases/tag/v17>
  • [7] <https://github.com/cloudfoundry/uaa-release/releases/tag/v12.6>
  • [8] <https://github.com/cloudfoundry/uaa-release/releases/tag/v11.7>

History

2016-09-26: Initial vulnerability report published