5 matches found
CVE-2019-11279
This CVE affects Cloud Foundry UAA before 74.1.0. The issue allows a remote attacker to escalate privileges by submitting an array of scopes for a client, enabling them to obtain any scope and take control of UAA and its resources. Affected product: Cloud Foundry UAA (versions prior to 74.1.0). R...
CVE-2019-3801
CVE-2019-3801 affects Cloud Foundry cf-deployment versions prior to 7.9.0. The Java components fetch dependencies over an insecure HTTP channel, enabling a remote, unauthenticated attacker to hijack the dependency DNS entry and inject malicious code into the component during build. Practical impa...
CVE-2019-3775
The CVE-2019-3775 entry concerns Cloud Foundry UAA prior to v70.0, where an authenticated user can modify their own email address, enabling impersonation of another user. The vulnerability is described as an authorization issue in multiple sources (CNVD/CVE records) and Cloud Foundry’s own adviso...
CVE-2025-22246
CVE-2025-22246 affects Cloud Foundry UAA releases from 77.21.0 up to 77.31.0 (and CF deployment 45.1.0 to 48.11.0), where a private key is exposed in logs. Root cause and exact vulnerability mechanics are described in the Cloud Foundry advisory: upgrading UAA to 77.32.0+ and CF deployment to 49.0.0+ ...
CVE-2019-3788
Cloud Foundry UAA (OSS) prior to v71.0 is vulnerable due to insecure redirect URI configuration that allows wildcards in the redirect URI subdomain. A remote, unauthenticated attacker can craft phishing links to obtain a UAA access code from victims. Affected product/version: UAA Release pre-71.0...