Описание
Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. A zone administrator could configure their zone to issue tokens which impersonate another zone, granting up to admin privileges in the impersonated zone for clients performing offline token validation.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.12.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.12.1:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.12.2:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.13.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.13.1:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.13.2:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.13.3:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:4.13.4:*:*:*:*:*:*:*
Конфигурация 2
Одно из
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:57:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:57.1:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:58:*:*:*:*:*:*:*
Конфигурация 3Версия от 1.27.0 (включая) до 1.31.0 (включая)
cpe:2.3:a:cloudfoundry:cf-deployment:*:*:*:*:*:*:*:*
EPSS
Процентиль: 60%
0.00392
Низкий
7.2 High
CVSS3
6.5 Medium
CVSS2
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
EPSS
Процентиль: 60%
0.00392
Низкий
7.2 High
CVSS3
6.5 Medium
CVSS2
Дефекты
NVD-CWE-noinfo