CVE-2019-11279
Privilege Escalation via Scope Manipulation in UAA
CF UAA versions prior to 74.1.0 can request scopes for a client that shouldn't be allowed by submitting an array of requested scopes. A remote malicious user can escalate their own privileges to any scope, allowing them to take control of UAA and the resources it controls.
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
Productos afectados
Cloud Foundry · UAA Release (OSS)¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →