Описание
Cloud Foundry UAA, versions 60 prior to 66.0, contain an authorization logic error. In environments with multiple identity providers that contain accounts across identity providers with the same username, a remote authenticated user with access to one of these accounts may be able to obtain a token for an account of the same username in the other identity provider.
Ссылки
- Third Party AdvisoryVDB Entry
- MitigationVendor Advisory
- MitigationVendor Advisory
- Third Party AdvisoryVDB Entry
- MitigationVendor Advisory
- MitigationVendor Advisory
Уязвимые конфигурации
EPSS
4.2 Medium
CVSS3
8.8 High
CVSS3
4 Medium
CVSS2
Дефекты
Связанные уязвимости
Cloud Foundry UAA, versions 60 prior to 66.0, contain an authorization logic error. In environments with multiple identity providers that contain accounts across identity providers with the same username, a remote authenticated user with access to one of these accounts may be able to obtain a token for an account of the same username in the other identity provider.
EPSS
4.2 Medium
CVSS3
8.8 High
CVSS3
4 Medium
CVSS2