Cloudfoundry Uaa Release

By the Year

In 2024 there have been 0 vulnerabilities in Cloudfoundry Uaa Release. Uaa Release did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 0 0.00
2022 0 0.00
2021 0 0.00
2020 0 0.00
2019 4 7.80
2018 0 0.00

It may take a day or so for new Uaa Release vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Cloudfoundry Uaa Release Security Vulnerabilities

CF UAA versions prior to 74.1.0 can request scopes for a client that shouldn't be allowed by submitting an array of requested scopes

CVE-2019-11279 8.8 - High - September 26, 2019

CF UAA versions prior to 74.1.0 can request scopes for a client that shouldn't be allowed by submitting an array of requested scopes. A remote malicious user can escalate their own privileges to any scope, allowing them to take control of UAA and the resources it controls.

Improper Privilege Management

Cloud Foundry UAA Release, versions prior to 71.0, allows clients to be configured with an insecure redirect uri

CVE-2019-3788 6.1 - Medium - April 25, 2019

Cloud Foundry UAA Release, versions prior to 71.0, allows clients to be configured with an insecure redirect uri. Given a UAA client was configured with a wildcard in the redirect uri's subdomain, a remote malicious unauthenticated user can craft a phishing link to get a UAA access code from the victim.

Open Redirect

Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components

CVE-2019-3801 9.8 - Critical - April 25, 2019

Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an insecure protocol to fetch dependencies when building. A remote unauthenticated malicious attacker could hijack the DNS entry for the dependency, and inject malicious code into the component.

Cleartext Transmission of Sensitive Information

Cloud Foundry UAA, versions prior to v70.0, allows a user to update their own email address

CVE-2019-3775 6.5 - Medium - March 07, 2019

Cloud Foundry UAA, versions prior to v70.0, allows a user to update their own email address. A remote authenticated user can impersonate a different user by changing their email address to that of a different user.

Authentication

An issue was discovered in Cloud Foundry Foundation cf-release (all versions prior to v279) and UAA (30.x versions prior to 30.6

CVE-2017-8031 5.3 - Medium - November 27, 2017

An issue was discovered in Cloud Foundry Foundation cf-release (all versions prior to v279) and UAA (30.x versions prior to 30.6, 45.x versions prior to 45.4, 52.x versions prior to 52.1). In some cases, the UAA allows an authenticated user for a particular client to revoke client tokens for other users on the same client. This occurs only if the client is using opaque tokens or JWT tokens validated using the check_token endpoint. A malicious actor could cause denial of service.

The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 through 4, when configured with multiple identity zones; and Elastic Runtime 1.6.0 through 1.6.13

CVE-2016-0732 8.8 - High - September 07, 2017

The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 through 4, when configured with multiple identity zones; and Elastic Runtime 1.6.0 through 1.6.13 allows remote authenticated users with privileges in one zone to gain privileges and perform operations on a different zone via unspecified vectors.

Improper Privilege Management
