Lucene search
GoogleOSV:CVE-2019-11279HistorySep 26, 2019 - 10:15 p.m.
CVE-2019-11279
2019-09-2622:15:11
Google
osv.dev
5
CF UAA versions prior to 74.1.0 can request scopes for a client that shouldn’t be allowed by submitting an array of requested scopes. A remote malicious user can escalate their own privileges to any scope, allowing them to take control of UAA and the resources it controls.
| CPE | Name | Operator | Version |
|---|---|---|---|
| uaa-release | eq | 56 | |
| uaa-release | eq | 67.0 | |
| uaa-release | eq | 10 | |
| uaa-release | eq | 68.0 | |
| uaa-release | eq | 43 | |
| uaa-release | eq | 61.0 | |
| uaa-release | eq | 11.1 | |
| uaa-release | eq | 13 | |
| uaa-release | eq | 2 | |
| uaa-release | eq | 30.1 |
References
Related
nvd
nvd
CVE-2019-11279
2019-09-26 22:15:11
symantec
symantec
Cloud Foundry UAA CVE-2019-11279 Privilege Escalation Vulnerability
2019-09-10 00:00:00
cve
cve
CVE-2019-11279
2019-09-26 22:15:11
prion
prion
Cross site request forgery (csrf)
2019-09-26 22:15:00
cvelist
cvelist
CVE-2019-11279 Privilege Escalation via Scope Manipulation in UAA
2019-09-10 00:00:00
cloudfoundry
cloudfoundry