Privilege Escalation
cloudfoundry-identity-server is vulnerable to privilege escalation. External input is directly appended to an SCIM query, allowing a remote attacker with client.write and groups.update to inject and execute a malicious SCIM query. This allows the retrieval of confidential information that allows ...
Cross-site Scripting (XSS)
cloudfoundry-identity-scim is vulnerable to cross-site scripting (XSS). The vulnerability exists through the lack of sanitization of the filter in the returned ScimException...
Clickjacking
cloudfoundry-identity-server is vulnerable to clickjacking attacks. It was discovered that it does not set the X-FRAME-OPTIONS header (or an equivalent content security policy) on various email endpoints, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into...
com.alexbt:springboot-autoconfigure-openid-oauth (=1.0.9), com.appdirect:service-integration-sdk (>=1.24 <=v11.129.7) +11 more potentially affected by CVE-2019-11269 via org.springframework.security.oauth:spring-security-oauth (>=2.0.10.RELEASE <=2.0.17.RELEASE)
org.springframework.security.oauth:spring-security-oauth MAVEN version =2.0.10.RELEASE, =1.24, =1.4.3, =2.7.4.7, =2.7.4.7, =2.7.4.7, =3.3.0.4, =3.3.0.4, =2.7.4.7, =4.4.0 Source cves: CVE-2019-11269 Source advisory: OSV:GHSA-MMF6-6597-3V6M...
Information Disclosure
cloudfoundry-identity-server is vulnerable to information disclosure. The vulnerability exists as it defaults to sending emails to @unknown.org if a user's email address is not provided, allowing the owner of the unknown.org domain to receive password recovery emails of other users...
Man-in-the-Middle (MitM)
github.com/cloudfoundry/cf-deployment is vulnerable to man-in-the-middle attacks. Dependencies are downloaded via an unencrypted HTTP channel, allowing man-in-the-middle attackers to modify contents of the dependencies that are downloaded by the application, potentially causing arbitrary code...
Open Redirection
Cloudfoundry UAA is vulnerable to open redirection. The redirect URI is not properly validated to filter wildcard characters, allowing a remote unauthenticated user to enter a malicious URI to obtain a UAA access code...
com.alexbt:springboot-autoconfigure-openid-oauth (=1.0.9), com.appdirect:service-integration-sdk (>=1.24 <=v11.129.7) +10 more potentially affected by CVE-2019-3778 via org.springframework.security.oauth:spring-security-oauth (>=2.0.10.RELEASE <=2.0.14.RELEASE)
org.springframework.security.oauth:spring-security-oauth MAVEN version =2.0.10.RELEASE, =1.24, =2.7.4.7, =2.7.4.7, =2.7.4.7, =3.3.0.4, =3.3.0.4, =2.7.4.7, =4.4.0 Source cves: CVE-2019-3778 Source advisory: OSV:GHSA-77RV-6VFW-X4GC...
Privilege Escalation
cloudfoundry-identity-server is vulnerable to privilege escalation attacks. The vulnerability exists due to an error in validation, allowing an authenticated user to gain an OAuth token with arbitrary scopes by modifying the URL and content of the consent page...
br.com.damsete.arq:damsete-arq (>=0.0.1 <=0.0.3), br.com.damsete.arq:damsete-arq-audit (>=0.0.1 <=0.0.3) +14 more potentially affected by CVE-2018-1260 via org.springframework.security.oauth:spring-security-oauth2 (>=2.3.0.RELEASE <=2.3.2.RELEASE)
org.springframework.security.oauth:spring-security-oauth2 MAVEN version =2.3.0.RELEASE, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =2.0.1, =4.0.0, =0.1.0, =4.26.0, =4.26.0, =3.3.0.6, =4.30.0 and more Source cves: CVE-2018-1260 Source advisory: OSV:GHSA-RRPM-PJ7P-7J9Q...
Authorization Bypass
cloudfoundry-identity-server is vulnerable to authorization bypasses. A malicious user can use a refresh token to gain access to the application instead of using an access token, allowing them to stay authenticated longer...
Man-in-the-Middle (MitM)
github.com/cloudfoundry/gorouter is vulnerable to man-in-the-middle (MitM) attacks. The vulnerability exists due to the lack of validation of the value of the X-Forwarded-Proto header, allowing a client to use an HTTP connection and be exposed to MitM attacks...
Privilege Escalation
CloudFoundry User Account and Authentication UAA is vulnerable to privilege escalation. A zone administrator can issue a token that impersonates another zone, allowing an escalation of privileges during offline validation of clients...
File Traversal
github.com/cloudfoundry-attic/garden-linux is vulnerable to file traversal attacks. The garden-linux nstar executable allows attackers to read files within the host system that the BOSH-created vcap user has permission to read. This can be done by staging an application on Cloud Foundry using Die...
Cross-site Scripting (XSS)
cloudfoundry-identity-uaa is vulnerable to cross-site scripting (XSS) attacks. A malicious user can inject and execute arbitrary JavaScript through the clientId parameter of a request to the UAA OpenID Connect check session iframe endpoint...
Denial Of Service (DoS) Through Token Revocation
CloudFoundry User Account and Authentication (UAA) is vulnerable to denial of service (DoS) attacks. The checktoken endpoint does not validate the clientId when revoking opaque or JWT client tokens, allowing a malicious user to revoke another user's token...
Privilege Escalation
CloudFoundry User Account and Authentication UAA is vulnerable to privilege escalation. There is a flaw in mapping permissions for an external provider, allowing Zone administrators to escalate their privileges...
Forwarded HTTP Headers
cloudfoundry-identity-server is vulnerable to an issue with forwarded HTTP headers. There is an issue with forwarded HTTP headers in UAA that can result in an account being corrupted...
Privilege Escalation
CloudFoundry User Account and Authentication UAA is vulnerable to privilege escalation attacks. These attacks are possible because any user is able to access the invitations endpoint. Through the endpoint, malicious users are able to perform a password reset on a different user...
Blind SQL Injection
CloudFoundry User Account and Authentication (UAA) is vulnerable to blind SQL injection. A malicious user can cause a blind SQL injection when executing a simple query against the user database...