3 matches found
org.cloudfoundry.identity:cloudfoundry-identity-api (>=3.0.0 <=3.20.0), org.cloudfoundry.identity:cloudfoundry-identity-app (>=3.0.0 <=3.20.0) +1 more potentially affected by CVE-2018-1190 via org.cloudfoundry.identity:cloudfoundry-identity-server (>=3.0.0 <=3.20.0)
org.cloudfoundry.identity:cloudfoundry-identity-server MAVEN version =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.20.0 Source cves: CVE-2018-1190 Source advisory: OSV:GHSA-J97Q-9XP9-G5FX...
CVE-2018-1190
An issue was discovered in these Pivotal Cloud Foundry products: all versions prior to cf-release v270, UAA v3.x prior to v3.20.2, and UAA bosh v30.x versions prior to v30.8 and all other versions prior to v45.0. A cross-site scripting XSS attack is possible in the clientId parameter of a request...
CVE-2018-1190
CVE-2018-1190 affects Pivotal Cloud Foundry components, causing a cross-site scripting (XSS) vulnerability in the clientId parameter of the UAA OpenID Connect check session iframe used for single logout. Affected versions include cf-release prior to v270, UAA v3.x before v3.20.2, and UAA bosh rel...