cloudfoundry-identity-server is vulnerable to privilege escalation. External input is appended directly to a SCIM query, allowing a remote attacker with the `client.write` and `groups.update` scopes to inject and execute a malicious SCIM query. The injected query can retrieve confidential information that enables an escalation of privileges, ultimately allowing the malicious user to gain control of UAA scopes.
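
An added illustration, not UAA's code and not taken from the advisory: it shows why appending input to a SCIM filter lets that input change the query's structure, and how encoding the value as a JSON string literal (the value syntax SCIM filters use per RFC 7644, section 3.4.2.2) keeps it as data. The attribute `displayName`, the function names and the sample input are assumptions constructed for the example.

```python
import json
import re

# Tokens of a SCIM filter: complete JSON-style quoted strings, parentheses,
# bare words (attribute names, operators), or a stray unbalanced quote.
_TOKEN = re.compile(r'"(?:[^"\\]|\\.)*"|[()]|[^\s()"]+|"')
_LOGICAL = {"and", "or", "not"}

# Constructed sample input: a value containing a quote and a logical operator.
CONSTRUCTED_INPUT = 'ops" or displayName eq "admins'


def build_filter_unsafe(group_name):
    """Concatenation as the advisory describes: input lands between the quotes unescaped."""
    return 'displayName eq "' + group_name + '"'


def build_filter_safe(group_name):
    """Encode the value as a JSON string so quotes and backslashes remain data."""
    return "displayName eq " + json.dumps(group_name)


def logical_operators(scim_filter):
    """Return the logical operators that appear outside quoted strings."""
    tokens = _TOKEN.findall(scim_filter)
    return [t.lower() for t in tokens
            if not t.startswith('"') and t.lower() in _LOGICAL]


def is_single_comparison(scim_filter):
    """True only for: attribute, operator, one complete quoted value."""
    tokens = _TOKEN.findall(scim_filter)
    return (len(tokens) == 3
            and tokens[2].startswith('"')
            and len(tokens[2]) >= 2)


if __name__ == "__main__":
    for build in (build_filter_unsafe, build_filter_safe):
        f = build(CONSTRUCTED_INPUT)
        print(build.__name__, "->", f)
        print("  logical operators:", logical_operators(f),
              "| single comparison:", is_single_comparison(f))
```

A structural check such as `is_single_comparison` can also serve as a server-side guard or a log-review heuristic for filters that were expected to contain one clause.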
CPE

Name | Operator | Version
---|---|---
uaa server | le | 4.30.0