cloudfoundry-identity-server is vulnerable to authorization bypasses. A malicious user can use a refresh token to gain access to the application instead of using an access token, allowing them to stay authenticated longer.
CPE | Name | Operator | Version |
---|---|---|---|
uaa server | le | 4.5.6 | |
uaa server | le | 4.12.3 | |
uaa server | le | 4.19.0 | |
uaa server | le | 4.7.5 | |
uaa server | le | 4.10.1 |