cloudfoundry-identity-server is vulnerable to information disclosure. The vulnerability exists as it defaults to sending emails to @unknown.org
if a user’s email address is not provided, allowing the owner of the unknown.org
domain to receive password recovery emails of other users.
CPE | Name | Operator | Version |
---|---|---|---|
uaa server | le | 4.30.0 |