CVE-2021-26905
1Password SCIM Bridge before 1.6.2 mishandles validation of authenticated requests for log files, leading to disclosure of a TLS private key...
CVE-2021-26905
CVE-2021-26905: Affects 1Password SCIM Bridge prior to 1.6.2. The component mishandles validation of authenticated requests for log files, allowing exposure of the TLS private key. Remediation: upgrade to 1.6.2 or later. No exploitation details are provided in the sources; vulnerability context i...
CVE-2020-10256
An issue was discovered in beta versions of the 1Password command-line tool prior to 0.5.5 and in beta versions of the 1Password SCIM bridge prior to 0.7.3. An insecure random number generator was used to generate various keys. An attacker with access to the user's encrypted data may be able to...
CVE-2020-10256
CVE-2020-10256 affects the 1Password command-line tool (versions prior to 0.5.5) and the 1Password SCIM bridge (versions prior to 0.7.3). The root cause is an insecure random number generator used to generate keys, enabling an attacker with access to encrypted data to perform brute-force calculat...
Information Disclosure
cloudfoundry-identity-server is vulnerable to information disclosure. A remotely authenticated attacker with scim.invite scope is able to obtain information about users of the UAA via blind SCIM injection through the email parameter...
CVE-2019-11282
Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint that is vulnerable to SCIM injection attack. A remote authenticated malicious user with scim.invite scope can craft a request with malicious content which can leak information about users of the UAA...
Sql injection
Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint that is vulnerable to SCIM injection attack. A remote authenticated malicious user with scim.invite scope can craft a request with malicious content which can leak information about users of the UAA...
CVE-2019-11282 UAA is vulnerable to a Blind SCIM injection leading to information disclosure
Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint that is vulnerable to SCIM injection attack. A remote authenticated malicious user with scim.invite scope can craft a request with malicious content which can leak information about users of the UAA...
CVE-2019-11282
CVE-2019-11282 affects Cloud Foundry UAA prior to v74.3.0. A remote authenticated attacker with the scim.invite scope can craft requests to an endpoint vulnerable to SCIM injection, potentially leaking information about UAA users. The issue is documented across multiple sources (NVD entry, CNVD/C...
CVE-2019-11282: UAA is vulnerable to a Blind SCIM injection leading to information disclosure | Cloud Foundry
Severity: Medium. Vendor: Cloud Foundry Foundation. Description: Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint that is vulnerable to SCIM injection attack. A remote authenticated malicious user with scim.invite scope can craft a request with malicious content which can leak...
Cloud Foundry UAA SCIM Elevation of Privilege Vulnerability
UAA is a multi-tenant identity management service used in Cloud Foundry and can also be used as a standalone OAuth2 server. A SCIM blind injection elevation of privilege vulnerability exists in Cloud Foundry UAA versions prior to 74.1.0. The vulnerability stems from UAA allowing direct querying o...
CVE-2019-11278
CF UAA versions prior to 74.1.0, allow external input to be directly queried against. A remote malicious user with 'client.write' and 'groups.update' can craft a SCIM query, which leaks information that allows an escalation of privileges, ultimately allowing the malicious user to gain control of...
CVE-2019-11278 Privilege Escalation via Blind SCIM Injection in UAA
CF UAA versions prior to 74.1.0, allow external input to be directly queried against. A remote malicious user with 'client.write' and 'groups.update' can craft a SCIM query, which leaks information that allows an escalation of privileges, ultimately allowing the malicious user to gain control of...
CVE-2019-11278
CVE-2019-11278 affects Cloud Foundry UAA before 74.1.0. A remote attacker with the privileges client.write and groups.update can craft a SCIM query by injecting external input directly into SCIM, causing a leak of information that enables privilege escalation and potential control of UAA scopes. ...
CVE-2019-11278: Privilege Escalation via Blind SCIM Injection in UAA | Cloud Foundry
Severity: High. Vendor: Cloud Foundry Foundation. Affected Cloud Foundry Products and Versions: UAA Release, all versions prior to v74.1.0. Description: CF UAA versions prior to 74.1.0, allow external input to be directly queried against. A remote malicious user with 'client.write' and 'groups.update' ca...
Cross-site Scripting (XSS)
cloudfoundry-identity-scim is vulnerable to cross-site scripting (XSS). The vulnerability exists through the lack of sanitization of the filter in the returned ScimException...
Cloud Foundry UAA Cross-Site Scripting Vulnerability
UAA is a multi-tenant identity management service used in Cloud Foundry and can also be used as a standalone OAuth2 server. A cross-site scripting vulnerability exists in Cloud Foundry UAA versions prior to 74.0.0. An attacker can exploit this vulnerability to execute malicious JavaScript via a...
CVE-2019-11274
Cloud Foundry UAA, versions prior to 74.0.0, is vulnerable to an XSS attack. A remote unauthenticated malicious attacker could craft a URL that contains a SCIM filter that contains malicious JavaScript, which older browsers may execute...