CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | SINGLE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

Metric | Value |
---|---|
Confidence | Low |

EPSS

Metric | Value |
---|---|
Percentile | 42.8% |

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14, 3.6.x versions prior to v3.6.8, 3.9.x versions prior to v3.9.10, and other versions prior to v3.15.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.12, 24.x versions prior to v24.7, and other versions prior to v30. A vulnerability has been identified with the groups endpoint in UAA allowing users to elevate their privileges.
Vendor | Product | Version | CPE |
---|---|---|---|
org.cloudfoundry.identity | cloudfoundry-identity-server | * | cpe:2.3:a:org.cloudfoundry.identity:cloudfoundry-identity-server:*:*:*:*:*:*:*:* |
github.com/advisories/GHSA-pgjc-gc7g-p2c6
github.com/cloudfoundry/uaa/commit/0762cc768592abc4fb1c6afd9974ea6fb964f0f2
github.com/cloudfoundry/uaa/commit/18cf22ba9177f1124f85f99651b474b48f12cd28
github.com/cloudfoundry/uaa/commit/24bc5ade80560cedb9300940d2b398163ab0dc6
github.com/cloudfoundry/uaa/commit/24c270ce725df890727b2bd7d8a4f338a3a58b7
github.com/cloudfoundry/uaa/commit/3c456f0285e92713a0a9ce54c3e57d8636b9183c
github.com/cloudfoundry/uaa/commit/52acfabd11c3c77c2a3f5229b32f56de0e8d26ad
github.com/cloudfoundry/uaa/commit/5eb43757d5a3a2c9e7aae1ef3d0b9b7e2a38851e
github.com/cloudfoundry/uaa/commit/9d44cb0c7c25ccae95bfa1c2d59ce46200c643cb
nvd.nist.gov/vuln/detail/CVE-2017-4973
www.cloudfoundry.org/cve-2017-4973