CVE-2018-15754 is a vulnerability in Pivotal Software Cloud Foundry UAA Release
Published on December 13, 2018
UAA can issue tokens across identity providers if users with matching usernames exist
Cloud Foundry UAA, versions 60 prior to 66.0, contains an authorization logic error. In environments with multiple identity providers where accounts with the same username exist in more than one identity provider, a remote authenticated user with access to one of these accounts may be able to obtain a token for the account of the same username in the other identity provider.
Products Associated with CVE-2018-15754
Affected Versions
Cloud Foundry UAA Release: versions from 60 up to, but not including, 66.0 are affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.