22 matches found
EUVD-2019-2958
Malware in sbrugna...
EUVD-2016-0761
Malware in sbrugna...
EUVD-2025-2672
Malicious code in bioql PyPI...
EUVD-2022-3237
Malicious code in bioql PyPI...
CVE-2025-22216
A UAA configured with multiple identity zones, does not properly validate session information across those zones. A User authenticated against a corporate IDP can re-use their jsessionid to access other zones...
CVE-2025-22216 CVE-2025-22216 UAA Missing Zone Validation
A UAA configured with multiple identity zones, does not properly validate session information across those zones. A User authenticated against a corporate IDP can re-use their jsessionid to access other zones...
CVE-2025-22216
CVE-2025-22216 affects CloudFoundry UAA (multi-identity-zone configuration). The issue is improper validation of session information across zones, allowing a user authenticated against a corporate IDP to reuse a jsessionid to access other zones. Affected releases include UAA up to 77.20.1, 77.24....
PT-2025-4393 · Uaa · Uaa
Name of the Vulnerable Software and Affected Versions: UAA affected versions not specified Description: The issue concerns a UAA configured with multiple identity zones, where session information is not properly validated across those zones. This allows a user authenticated against a corporate ID...
CVE-2025-22216 - UAA Missing Zone Validation | Cloud Foundry
Severity MED Overall CVSS Score: 5.0 CVSS v3.1 Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C Vendor CloudFoundry Foundation Versions Affected Affected thru UAA Releases 77.20.1, 77.24.0 including 77.21.0, 77.22.0, 77.23.0 Unaffected from UAA Release 77.20.2 Unaffected from UAA Release...
GHSA-8V97-GV3G-32RF UAA privilege escalation across identity zones
Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. A zone administrator could configure their zone to issue tokens which impersonate another zone, granting up to adm...
Input validation
Cloud Foundry UAA version prior to 73.3.0, contain endpoints that contains improper escaping. An authenticated malicious user with basic read privileges for one identity zone can extend those reading privileges to all other identity zones and obtain private information on users, clients, and grou...
CVE-2018-1262
Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. A zone administrator could configure their zone to issue tokens which impersonate another zone, granting up to adm...
Privilege escalation
Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. A zone administrator could configure their zone to issue tokens which impersonate another zone, granting up to adm...
CVE-2018-1262
Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. A zone administrator could configure their zone to issue tokens which impersonate another zone, granting up to adm...
CVE-2018-1262
Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. A zone administrator could configure their zone to issue tokens which impersonate another zone, granting up to adm...
CVE-2018-1262
The CVE-2018-1262 issue affects Cloud Foundry Foundation UAA (versions 4.12.x and 4.13.x). The root cause is a feature that allowed privilege escalation across identity zones when offline token validation is performed, enabling a zone administrator to configure tokens impersonating another zone a...
CVE-2018-1262: UAA privilege escalation across identity zones | Cloud Foundry
Severity Critical Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions You are using uaa-release versions v57, v57.1 or v58 You are using uaa versions 4.12.x or 4.13.x You are using cf-deployment versions v1.27.0 through v1.31.0 Description UAA, versions 4.12.X and 4.13.X,...
Pivotal Cloud Foundry and UAA elevation of privilege vulnerability (CNVD-2018-04368)
Pivotal Cloud Foundry PCF is a product of Pivotal Software, Inc. of the U.S. PCF is an open-source Platform-as-a-Service PaaS cloud computing platform that provides container scheduling, continuous delivery, and automated service deployment, among other capabilities.UAA is an authentication and...
Information disclosure
The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 through 4, when configured with multiple identity zones; and Elastic Runtime 1.6.0 through 1.6.13 allows remote authenticated users with privileges in one zone to gain privileges...
CVE-2016-0732
The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 through 4, when configured with multiple identity zones; and Elastic Runtime 1.6.0 through 1.6.13 allows remote authenticated users with privileges in one zone to gain privileges...