CloudfoundryUaa Release

5 matches found

CVE
added 2019/09/26 9:15 p.m., 126 views

CVE-2019-11279

This CVE affects Cloud Foundry UAA before 74.1.0. The issue allows a remote attacker to escalate privileges by submitting an array of scopes for a client, enabling them to obtain any scope and take control of UAA and its resources. Affected product: Cloud Foundry UAA (versions prior to 74.1.0). R...

CVSS 8.8, AI score 8.9, EPSS 0.0133
CVE
added 2019/04/25 8:17 p.m., 57 views

CVE-2019-3801

CVE-2019-3801 affects Cloud Foundry cf-deployment versions prior to 7.9.0. The Java components fetch dependencies over an insecure HTTP channel, enabling a remote, unauthenticated attacker to hijack the dependency DNS entry and inject malicious code into the component during build. Practical impa...

CVSS 9.8, AI score 9.3, EPSS 0.00588
CVE
added 2019/03/07 7:0 p.m., 48 views

CVE-2019-3775

The CVE-2019-3775 entry concerns Cloud Foundry UAA prior to v70.0, where an authenticated user can modify their own email address, enabling impersonation of another user. The vulnerability is described as an authorization issue in multiple sources (CNVD/CVE records) and Cloud Foundry’s own adviso...

CVSS 7.1, AI score 6.4, EPSS 0.00876
CVE
added 2025/05/13 5:14 a.m., 48 views

CVE-2025-22246

CVE-2025-22246 affects Cloud Foundry UAA releases from 77.21.0 up to 77.31.0 (and CF deployment 45.1.0 to 48.11.0) with a private key exposure in logs. Root cause and exact vulnerability mechanics are described in the Cloud Foundry advisory: upgrading UAA to 77.32.0+ and CF deployment to 49.0.0+ ...

CVSS 7.5, AI score 3.8, EPSS 0.00173
CVE
added 2019/04/25 8:17 p.m., 46 views

CVE-2019-3788

Cloud Foundry UAA (OSS) prior to v71.0 is vulnerable due to insecure redirect URI configuration that allows wildcards in the redirect URI subdomain. A remote, unauthenticated attacker can craft phishing links to obtain a UAA access code from victims. Affected product/version: UAA Release pre-71.0...

CVSS 8.7, AI score 6.6, EPSS 0.00832