4 matches found
org.cloudfoundry.identity:cloudfoundry-identity-api (>=3.0.0 <=4.11.0), org.cloudfoundry.identity:cloudfoundry-identity-app (>=3.0.0 <=4.11.0) +1 more potentially affected by CVE-2018-11041 via org.cloudfoundry.identity:cloudfoundry-identity-server (>=3.0.0 <=4.7.4)
org.cloudfoundry.identity:cloudfoundry-identity-server MAVEN version =3.0.0, =3.0.0, =3.0.0, =3.0.0, =4.30.0 Source cves: CVE-2018-11041 Source advisory: OSV:GHSA-XH4M-99QP-W483...
CVE-2018-11041
Cloud Foundry UAA, versions later than 4.6.0 and prior to 4.19.0 except 4.10.1 and 4.7.5 and uaa-release versions later than v48 and prior to v60 except v55.1 and v52.9, does not validate redirect URL values on a form parameter used for internal UAA redirects on the login page, allowing open...
CVE-2018-11041
Cloud Foundry UAA, versions later than 4.6.0 and prior to 4.19.0 except 4.10.1 and 4.7.5 and uaa-release versions later than v48 and prior to v60 except v55.1 and v52.9, does not validate redirect URL values on a form parameter used for internal UAA redirects on the login page, allowing open...
CVE-2018-11041
CVE-2018-11041 affects Cloud Foundry UAA and uaa-release: open redirect vulnerability due to lack of validation of the redirect URL in a form parameter used for internal login redirects. Affected: UAA versions >4.6.0 and v48 and