CVE-2019-3788

2019-04-25T21:29:00
ID CVE-2019-3788
Type cve
Reporter cve@mitre.org
Modified 2019-04-26T18:01:00

Description

Cloud Foundry UAA Release, versions prior to 71.0, allows clients to be configured with an insecure redirect uri. Given a UAA client was configured with a wildcard in the redirect uri's subdomain, a remote malicious unauthenticated user can craft a phishing link to get a UAA access code from the victim.