Lucene search
Veracode Vulnerability DatabaseVERACODE:7149HistoryJul 25, 2018 - 3:23 a.m.
Authorization Bypass
2018-07-2503:23:01
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
0.001 Low
EPSS
Percentile
36.5%
cloudfoundry-identity-server is vulnerable to authorization bypasses. A malicious user can use a refresh token to gain access to the application instead of using an access token, allowing them to stay authenticated longer.
| CPE | Name | Operator | Version |
|---|---|---|---|
| uaa server | le | 4.5.6 | |
| uaa server | le | 4.12.3 | |
| uaa server | le | 4.19.0 | |
| uaa server | le | 4.7.5 | |
| uaa server | le | 4.10.1 |
Related
osv
osv
Cloud Foundry UAA accepts refresh token as access token on admin endpoints
2022-05-13 01:49:00
CVE-2018-11047
2018-07-24 19:29:00
cvelist
cvelist
CVE-2018-11047
2018-07-18 00:00:00
cloudfoundry
cloudfoundry
nvd
nvd
CVE-2018-11047
2018-07-24 19:29:00
prion
prion
Code injection
2018-07-24 19:29:00
cve
cve
CVE-2018-11047
2018-07-24 19:29:00
ibm
ibm
github
github
Cloud Foundry UAA accepts refresh token as access token on admin endpoints
2022-05-13 01:49:00