CVE-2017-8032

In Cloud Foundry cf-release versions prior to v264; UAA release all versions of UAA v2.x.x, 3.6.x versions prior to v3.6.13, 3.9.x versions prior to v3.9.15, 3.20.x versions prior to v3.20.0, and other versions prior to v4.4.0; and UAA bosh release uaa-release 13.x versions prior to v13.17, 24.x...

Privilege Escalation

CloudFoundry User Account and Authentication UAA is vulnerable to privilege escalation. There is a flaw in mapping permissions for an external provider, allowing Zone administrators to escalate their privileges...