22 matches found
Comparison Using Wrong Factors
Overview org.cloudfoundry.identity:cloudfoundry-identity-server is a Cloud Foundry User Account and Authentication UAA Server. Affected versions of this package are vulnerable to Comparison Using Wrong Factors due to a logic error in the token revocation endpoint implementation. An attacker can...
org.cloudfoundry.identity:cloudfoundry-identity-api (>=3.0.0 <=3.20.0), org.cloudfoundry.identity:cloudfoundry-identity-app (>=3.0.0 <=3.20.0) +1 more potentially affected by CVE-2016-5016 via org.cloudfoundry.identity:cloudfoundry-identity-server (>=3.0.0 <=3.3.0.2)
org.cloudfoundry.identity:cloudfoundry-identity-server MAVEN version =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.20.0 Source cves: CVE-2016-5016 Source advisory: OSV:GHSA-RC2R-W8JV-VGGP...
org.cloudfoundry.identity:cloudfoundry-identity-api (=3.4.0), org.cloudfoundry.identity:cloudfoundry-identity-app (=3.4.0) +1 more potentially affected by CVE-2016-5016 via org.cloudfoundry.identity:cloudfoundry-identity-server (=3.4.0)
org.cloudfoundry.identity:cloudfoundry-identity-server MAVEN version =3.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.cloudfoundry.identity:cloudfoundry-identity-server and may be impacted: - org.cloudfoundry.identity:cloudfoundry-identity-ap...
org.cloudfoundry.identity:cloudfoundry-identity-api (>=3.0.0 <=3.20.0), org.cloudfoundry.identity:cloudfoundry-identity-app (>=3.0.0 <=3.20.0) +1 more potentially affected by CVE-2018-1190 via org.cloudfoundry.identity:cloudfoundry-identity-server (>=3.0.0 <=3.20.0)
org.cloudfoundry.identity:cloudfoundry-identity-server MAVEN version =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.20.0 Source cves: CVE-2018-1190 Source advisory: OSV:GHSA-J97Q-9XP9-G5FX...
org.cloudfoundry.identity:cloudfoundry-identity-api (>=4.6.0 <=4.7.0), org.cloudfoundry.identity:cloudfoundry-identity-app (>=4.6.0 <=4.7.0) +1 more potentially affected by CVE-2017-8031 via org.cloudfoundry.identity:cloudfoundry-identity-server (>=4.6.0 <=4.7.0)
org.cloudfoundry.identity:cloudfoundry-identity-server MAVEN version =4.6.0, =4.6.0, =4.6.0, =4.6.0, =4.7.0 Source cves: CVE-2017-8031 Source advisory: OSV:GHSA-J4P3-2M2H-CV5F...
org.cloudfoundry.identity:cloudfoundry-identity-api (>=3.0.0 <=3.20.0), org.cloudfoundry.identity:cloudfoundry-identity-app (>=3.0.0 <=3.20.0) +1 more potentially affected by CVE-2017-8031 via org.cloudfoundry.identity:cloudfoundry-identity-server (>=3.0.0 <=3.20.0)
org.cloudfoundry.identity:cloudfoundry-identity-server MAVEN version =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.20.0 Source cves: CVE-2017-8031 Source advisory: OSV:GHSA-J4P3-2M2H-CV5F...
org.cloudfoundry.identity:cloudfoundry-identity-api (>=4.1.0 <=4.11.0), org.cloudfoundry.identity:cloudfoundry-identity-app (>=4.1.0 <=4.11.0) +1 more potentially affected by CVE-2017-8032 via org.cloudfoundry.identity:cloudfoundry-identity-server (>=4.10.0 <=4.3.0)
org.cloudfoundry.identity:cloudfoundry-identity-server MAVEN version =4.10.0, =4.1.0, =4.1.0, =3.3.0.6, =4.30.0 Source cves: CVE-2017-8032 Source advisory: OSV:GHSA-9FRW-WMVQ-5RRC...
org.cloudfoundry.identity:cloudfoundry-identity-api (>=3.0.0 <=3.20.0), org.cloudfoundry.identity:cloudfoundry-identity-app (>=3.0.0 <=3.20.0) +1 more potentially affected by CVE-2016-6637 via org.cloudfoundry.identity:cloudfoundry-identity-server (>=3.0.0 <=3.3.0.4)
org.cloudfoundry.identity:cloudfoundry-identity-server MAVEN version =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.20.0 Source cves: CVE-2016-6637 Source advisory: OSV:GHSA-4M8C-H7FR-GQ5C...
org.cloudfoundry.identity:cloudfoundry-identity-api (>=3.4.0 <=3.4.3), org.cloudfoundry.identity:cloudfoundry-identity-app (>=3.4.0 <=3.4.3) +1 more potentially affected by CVE-2016-6637 via org.cloudfoundry.identity:cloudfoundry-identity-server (>=3.4.0 <=3.4.3)
org.cloudfoundry.identity:cloudfoundry-identity-server MAVEN version =3.4.0, =3.4.0, =3.4.0, =3.4.0, =3.4.3 Source cves: CVE-2016-6637 Source advisory: OSV:GHSA-4M8C-H7FR-GQ5C...
org.cloudfoundry.identity:cloudfoundry-identity-api (>=3.7.0 <=3.9.1), org.cloudfoundry.identity:cloudfoundry-identity-app (>=3.7.0 <=3.9.1) +1 more potentially affected by CVE-2017-8032 via org.cloudfoundry.identity:cloudfoundry-identity-server (>=3.7.0 <=3.9.1)
org.cloudfoundry.identity:cloudfoundry-identity-server MAVEN version =3.7.0, =3.7.0, =3.7.0, =3.7.0, =3.9.1 Source cves: CVE-2017-8032 Source advisory: OSV:GHSA-9FRW-WMVQ-5RRC...
org.cloudfoundry.identity:cloudfoundry-identity-api (>=3.0.0 <=3.20.0), org.cloudfoundry.identity:cloudfoundry-identity-app (>=3.0.0 <=3.20.0) +1 more potentially affected by CVE-2017-4991 via org.cloudfoundry.identity:cloudfoundry-identity-server (>=3.0.0 <=3.6.0)
org.cloudfoundry.identity:cloudfoundry-identity-server MAVEN version =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.20.0 Source cves: CVE-2017-4991 Source advisory: OSV:GHSA-CGRG-X34R-78F3...
org.cloudfoundry.identity:cloudfoundry-identity-api (>=3.10.0 <=3.16.0), org.cloudfoundry.identity:cloudfoundry-identity-app (>=3.10.0 <=3.16.0) +1 more potentially affected by CVE-2017-4991 via org.cloudfoundry.identity:cloudfoundry-identity-server (>=3.10.0 <=3.16.0)
org.cloudfoundry.identity:cloudfoundry-identity-server MAVEN version =3.10.0, =3.10.0, =3.10.0, =3.10.0, =3.16.0 Source cves: CVE-2017-4991 Source advisory: OSV:GHSA-CGRG-X34R-78F3...
org.cloudfoundry.identity:cloudfoundry-identity-api (>=3.10.0 <=3.13.0), org.cloudfoundry.identity:cloudfoundry-identity-app (>=3.10.0 <=3.13.0) +1 more potentially affected by CVE-2017-4973 via org.cloudfoundry.identity:cloudfoundry-identity-server (>=3.10.0 <=3.13.0)
org.cloudfoundry.identity:cloudfoundry-identity-server MAVEN version =3.10.0, =3.10.0, =3.10.0, =3.10.0, =3.13.0 Source cves: CVE-2017-4973 Source advisory: OSV:GHSA-PGJC-GC7G-P2C6...
org.cloudfoundry.identity:cloudfoundry-identity-api (=3.10.0), org.cloudfoundry.identity:cloudfoundry-identity-app (=3.10.0) +1 more potentially affected by CVE-2017-4960 via org.cloudfoundry.identity:cloudfoundry-identity-server (=3.10.0)
org.cloudfoundry.identity:cloudfoundry-identity-server MAVEN version =3.10.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.cloudfoundry.identity:cloudfoundry-identity-server and may be impacted: - org.cloudfoundry.identity:cloudfoundry-identity-a...
org.cloudfoundry.identity:cloudfoundry-identity-api (>=3.0.0 <=3.20.0), org.cloudfoundry.identity:cloudfoundry-identity-app (>=3.0.0 <=3.20.0) +1 more potentially affected by CVE-2016-3084 via org.cloudfoundry.identity:cloudfoundry-identity-server (>=3.0.0 <=3.3.0)
org.cloudfoundry.identity:cloudfoundry-identity-server MAVEN version =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.20.0 Source cves: CVE-2016-3084 Source advisory: OSV:GHSA-FM5C-2RWC-887W...
Information Disclosure
cloudfoundry-identity-server is vulnerable to information disclosure. A remotely authenticated attacker with scim.invite scope is able to obtain information about users of the UAA via blind SCIM injection through the email parameter...
Privilege Escalation
cloudfoundry-identity-server is vulnerable to privilege escalation. External input is directly appended to an SCIM query, allowing a remote attacker with client.write and groups.update to inject and execute a malicious SCIM query. This allows the retrieval of confidential information that allows ...
com.alexbt:springboot-autoconfigure-openid-oauth (=1.0.9), com.appdirect:service-integration-sdk (>=1.24 <=v11.129.7) +10 more potentially affected by CVE-2019-3778 via org.springframework.security.oauth:spring-security-oauth (>=2.0.10.RELEASE <=2.0.14.RELEASE)
org.springframework.security.oauth:spring-security-oauth MAVEN version =2.0.10.RELEASE, =1.24, =2.7.4.7, =2.7.4.7, =2.7.4.7, =3.3.0.4, =3.3.0.4, =2.7.4.7, =4.4.0 Source cves: CVE-2019-3778 Source advisory: OSV:GHSA-77RV-6VFW-X4GC...
Privilege Escalation
cloudfoundry-identity-server is vulnerable to privilege escalation attacks. The vulnerability exists due to an error in validation, allowing an authenticated user to gain an OAuth token with arbitrary scopes by modifying the url and content of the consent page...
br.com.damsete.arq:damsete-arq (>=0.0.1 <=0.0.3), br.com.damsete.arq:damsete-arq-audit (>=0.0.1 <=0.0.3) +14 more potentially affected by CVE-2018-1260 via org.springframework.security.oauth:spring-security-oauth2 (>=2.3.0.RELEASE <=2.3.2.RELEASE)
org.springframework.security.oauth:spring-security-oauth2 MAVEN version =2.3.0.RELEASE, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =2.0.1, =4.0.0, =0.1.0, =4.26.0, =4.26.0, =3.3.0.6, =4.30.0 and more Source cves: CVE-2018-1260 Source advisory: OSV:GHSA-RRPM-PJ7P-7J9Q...