Lucene search
GoogleOSV:CVE-2019-11268HistoryJul 11, 2019 - 6:15 p.m.
CVE-2019-11268
2019-07-1118:15:12
Google
osv.dev
Cloud Foundry UAA version prior to 73.3.0, contain endpoints that contains improper escaping. An authenticated malicious user with basic read privileges for one identity zone can extend those reading privileges to all other identity zones and obtain private information on users, clients, and groups in all other identity zones.
| CPE | Name | Operator | Version |
|---|---|---|---|
| uaa-release | eq | 56 | |
| uaa-release | eq | 67.0 | |
| uaa-release | eq | 10 | |
| uaa-release | eq | 68.0 | |
| uaa-release | eq | 43 | |
| uaa-release | eq | 61.0 | |
| uaa-release | eq | 11.1 | |
| uaa-release | eq | 13 | |
| uaa-release | eq | 2 | |
| uaa-release | eq | 30.1 |
References
Related
cvelist
cvelist
CVE-2019-11268 UAA SQL Identity Zone Vulnerability
2019-06-27 00:00:00
nvd
nvd
CVE-2019-11268
2019-07-11 18:15:12
cve
cve
CVE-2019-11268
2019-07-11 18:15:12
cloudfoundry
cloudfoundry
CVE-2019-11268: UAA SQL Identity Zone Vulnerability | Cloud Foundry
2019-06-27 00:00:00
prion
prion
Input validation
2019-07-11 18:15:00