Cloud Foundry UAA Elevation of Authority Vulnerability
UAA is a multi-tenant identity management service used in Cloud Foundry and can also be used as a standalone OAuth2 server. An elevation of privilege vulnerability exists in Cloud Foundry UAA versions prior to 74.1.0. The vulnerability stems from the fact that UAA can request a scope for a client...