3 matches found
CVE-2019-11279
This CVE affects Cloud Foundry UAA before 74.1.0. The issue allows a remote attacker to escalate privileges by submitting an array of scopes for a client, enabling them to obtain any scope and take control of UAA and its resources. Affected product: Cloud Foundry UAA (versions prior to 74.1.0). R...
CVE-2019-11279 Privilege Escalation via Scope Manipulation in UAA
CF UAA versions prior to 74.1.0 can request scopes for a client that shouldn't be allowed by submitting an array of requested scopes. A remote malicious user can escalate their own privileges to any scope, allowing them to take control of UAA and the resources it controls...
CVE-2019-11279: Privilege Escalation via Scope Manipulation in UAA | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions UAA Release All versions prior to v74.1.0 Description CF UAA versions prior to 74.1.0 can request scopes for a client that shouldn’t be allowed by submitting an array of requested scopes. A remote malicious...