GitHub Advisory Database: GHSA-XH4M-99QP-W483
Published: 2022-05-14 03:05:26

Cloud Foundry UAA open redirect

CWE-601
Source: GitHub Advisory Database (github.com)
Tags: cloud foundry, uaa, versions, 4.6.0, 4.19.0, 4.10.1, 4.7.5, uaa-release, v48, v60, v55.1, v52.9, validation, redirect url, form parameter, login page, open redirect, attacker, malicious link, successful login

CVSS2: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
  Attack Vector: NETWORK
  Attack Complexity: MEDIUM
  Authentication: NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact: PARTIAL
  Availability Impact: NONE

CVSS3: 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: REQUIRED
  Scope: CHANGED
  Confidentiality Impact: LOW
  Integrity Impact: LOW
  Availability Impact: NONE

AI Score: 7.2 (Confidence: High)
EPSS: 0.001 (Percentile: 47.3%)

Cloud Foundry UAA, versions later than 4.6.0 and prior to 4.19.0 except 4.10.1 and 4.7.5 and uaa-release versions later than v48 and prior to v60 except v55.1 and v52.9, does not validate redirect URL values on a form parameter used for internal UAA redirects on the login page, allowing open redirects. A remote attacker can craft a malicious link that, when clicked, will redirect users to arbitrary websites after a successful login attempt.
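The defect the advisory describes is the absence of an allow-list check on the login page's redirect parameter (CWE-601). The Python below is an added example, not UAA's own code: it places the unsafe "trust the parameter" shape beside a hardened validator that only accepts same-origin paths or https URLs on explicitly allowed hosts, and falls back to a fixed landing page otherwise. ALLOWED_HOSTS, DEFAULT_LANDING, the function names and the sample inputs are assumptions constructed for illustration.

```python
"""
Allow-list validation for a post-login redirect parameter.

Added example, not UAA's code. It shows the class of check whose absence
the advisory describes (CWE-601). The allow-list contents, the default
landing page and the sample inputs are constructed for illustration.
"""
from typing import Optional
from urllib.parse import urlsplit

# Hypothetical deployment values: the only external hosts to which a
# post-login redirect may send a user, and where to land otherwise.
ALLOWED_HOSTS = frozenset({"login.example.test", "app.example.test"})
DEFAULT_LANDING = "/home"


def vulnerable_redirect_target(param: str) -> str:
    """'Before' shape: the parameter is used as the Location value as-is.

    This is the defect class the advisory describes; shown for contrast only.
    """
    return param or DEFAULT_LANDING


def validate_redirect(param: str) -> Optional[str]:
    """Return a normalised redirect target if it is safe, else None.

    Accepted:
      - same-origin absolute paths such as /oauth/authorize?client_id=app
      - https URLs whose hostname is exactly in ALLOWED_HOSTS
    Rejected: anything else, including protocol-relative (//host) and
    backslash-prefixed forms, which browsers normalise into a new origin,
    non-https schemes, userinfo (user@host) forms and control characters.
    """
    if not param:
        return None
    # Whitespace or control characters never belong in a Location value.
    if any(ch.isspace() or ord(ch) < 0x20 or ord(ch) == 0x7F for ch in param):
        return None
    # Browsers treat a leading backslash like a slash; normalise before parsing
    # so "/\host" is parsed as the authority it would become in the browser.
    normalised = param.replace("\\", "/")
    parts = urlsplit(normalised)
    if parts.scheme == "" and parts.netloc == "":
        # Relative reference: require exactly one leading slash (same origin).
        if normalised.startswith("/") and not normalised.startswith("//"):
            return normalised
        return None
    if parts.scheme.lower() != "https":
        return None
    if parts.username is not None or parts.password is not None:
        return None
    host = (parts.hostname or "").lower()
    if host not in ALLOWED_HOSTS:
        return None
    return normalised


def safe_redirect_target(param: str) -> str:
    """Hardened shape: any rejected value falls back to the fixed landing page."""
    target = validate_redirect(param)
    return target if target is not None else DEFAULT_LANDING


if __name__ == "__main__":
    # Constructed sample values for a login form's redirect parameter.
    samples = [
        "/oauth/authorize?client_id=app",
        "https://app.example.test/cb",
        "//other.example/",
        "/\\other.example/",
        "https://other.example/",
        "https://app.example.test@other.example/",
        "",
    ]
    for value in samples:
        print(f"{value!r:48} -> {safe_redirect_target(value)}")
```

The important design choice is the fallback: a rejected value is replaced by DEFAULT_LANDING rather than echoed back in an error, so the login flow can never be steered off the allow-listed origins by a crafted link. Normalising backslashes before parsing matters because a naive "starts with a single slash" test would accept a backslash-prefixed host that the browser then treats as a different origin.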

Affected configurations

Vulners node: org.cloudfoundry.identity:cloudfoundry-identity-server, any of the following ranges:
  4.13.0 to 4.19.0
  4.11.0 to 4.12.3
  4.8.0 to 4.10.1
  < 4.7.5

Vendor: org.cloudfoundry.identity
Product: cloudfoundry-identity-server
Version: *
CPE: cpe:2.3:a:org.cloudfoundry.identity:cloudfoundry-identity-server:*:*:*:*:*:*:*:*
