2 matches found
CVE-2019-3775
The CVE-2019-3775 entry concerns Cloud Foundry UAA prior to v70.0, where an authenticated user can modify their own email address, enabling impersonation of another user. The vulnerability is described as an authorization issue in multiple sources (CNVD/CVE records) and Cloud Foundry’s own adviso...
CVE-2019-3775 UAA allows users to modify their own email address
Cloud Foundry UAA, versions prior to v70.0, allows a user to update their own email address. A remote authenticated user can impersonate a different user by changing their email address to that of a different user...