CVE-2019-3775
UAA allows users to modify their own email address
Cloud Foundry UAA, versions prior to v70.0, allows a user to update their own email address. A remote authenticated user can impersonate a different user by changing their email address to that of a different user.
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:N
Productos afectados
Cloud Foundry · UAA Release (OSS)¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →