Design/Logic Flaw

2019-08-0517:15:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.2%

JSON

Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the ‘clients.write’ authority or scope can bypass the restrictions imposed on clients created via ‘clients.write’ and create clients with arbitrary scopes that the creator does not possess.

CPENameOperatorVersion
application_servicege2.6.0
application_servicelt2.6.2
application_servicege2.5.0
application_servicelt2.5.7
application_servicege2.4.0
application_servicelt2.4.11
application_servicege2.3.0
application_servicelt2.3.15
cloud_foundry_uaalt73.4.0
operations_managerge2.6.0

Name	Operator	Version
application_service	ge	2.6.0
application_service	lt	2.6.2
application_service	ge	2.5.0
application_service	lt	2.5.7
application_service	ge	2.4.0
application_service	lt	2.4.11
application_service	ge	2.3.0
application_service	lt	2.3.15
cloud_foundry_uaa	lt	73.4.0
operations_manager	ge	2.6.0