
7 matches found

RedhatCVE
added last week, 6 views

CVE-2026-40965

Cloud Foundry UAA versions v76.12.0 through v78.12.0 are vulnerable to a private key exposure. The server contains a vulnerability where Elliptic Curve (EC) private keys are inadvertently exposed through the public /tokenkeys endpoint. This endpoint is designed to provide public key material for JW...

CVSS: 10, AI score: 5.4, EPSS: 0.00055
Exploits: 0, References: 1
ATTACKERKB
added 2026/06/01 9:22 p.m., 8 views

CVE-2026-40965

Cloud Foundry UAA versions v76.12.0 through v78.12.0 are vulnerable to a private key exposure. The server contains a vulnerability where Elliptic Curve (EC) private keys are inadvertently exposed through the public /tokenkeys endpoint. This endpoint is designed to provide public key material for JW...

CVSS: 10, AI score: 5.8, EPSS: 0.00055
Exploits: 0, References: 2, Affected Software: 2
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-3804

Malicious code in bioql PyPI...

CVSS: 8.1, AI score: 8.1, EPSS: 0.00272
Exploits: 0, References: 10
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2021-9171

Malicious code in bioql PyPI...

CVSS: 7.5, AI score: 7.6, EPSS: 0.00322
Exploits: 0, References: 1
vulnersOsv
added 2022/05/13 1:10 a.m., 2 views

org.cloudfoundry.identity:cloudfoundry-identity-api (>=4.1.0 <=4.11.0), org.cloudfoundry.identity:cloudfoundry-identity-app (>=4.1.0 <=4.11.0) +1 more potentially affected by CVE-2017-8031 via org.cloudfoundry.identity:cloudfoundry-identity-server (>=4.10.0 <=4.5.0)

org.cloudfoundry.identity:cloudfoundry-identity-server MAVEN version =4.10.0, =4.1.0, =4.1.0, =3.3.0.6, =4.30.0 Source cves: CVE-2017-8031 Source advisory: OSV:GHSA-J4P3-2M2H-CV5F...

CVSS: 5.3, AI score: 6, EPSS: 0.00419
Exploits: 0
NVD
added 2019/09/26 9:15 p.m., 9 views

CVE-2019-11278

CF UAA versions prior to 74.1.0 allow external input to be directly queried against. A remote malicious user with 'client.write' and 'groups.update' can craft a SCIM query, which leaks information that allows an escalation of privileges, ultimately allowing the malicious user to gain control of...

CVSS: 8.8, AI score: 8.9, EPSS: 0.00354
Exploits: 0, References: 1
Cloud Foundry
added 2017/04/19 12:0 a.m., 40 views

CVE-2017-4972: Blind SQL Injection in UAA | Cloud Foundry

Severity: High. Vendor: Cloud Foundry Foundation. Versions Affected: cf-release versions prior to v257; UAA release: 2.x versions prior to v2.7.4.14, 3.6.x versions prior to v3.6.8, 3.9.x versions prior to v3.9.10, other versions prior to v3.15.0; UAA bosh release uaa-release: 13.x versions prior to v13.12...

CVSS: 7.5, AI score: 7.8, EPSS: 0.00278
Exploits: 0