CVE-2019-3775
UAA allows users to modify their own email address
Cloud Foundry UAA, versions prior to v70.0, allows a user to update their own email address. A remote authenticated user can impersonate a different user by changing their email address to that of a different user.
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:N
Affected products
Cloud Foundry · UAA Release (OSS)Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →