Cross site request forgery (csrf)

2021-07-2214:15:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.9%

JSON

In UAA versions prior to 75.3.0, sensitive information like relaying secret of the provider was revealed in response when deletion request of an identity provider( IdP) of type “oauth 1.0” was sent to UAA server.

CPENameOperatorVersion
cf-deploymentlt16.18.0
user_account_and_authenticationlt75.3.0

CPE	Name	Operator	Version
	cf-deployment	lt	16.18.0
	user_account_and_authentication	lt	75.3.0

References

www.cloudfoundry.org/blog/cve-2021-22001-sensitive-info-leakage-in-uaa-during-identity-provider-deletion/