exploitDog

CVE-2025-22216

Опубликовано: 31 янв. 2025

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

A UAA configured with multiple identity zones, does not properly validate session information across those zones. A User authenticated against a corporate IDP can re-use their jsessionid to access other zones.

Ссылки

https://www.cloudfoundry.org/blog/cve-2025-22216-uaa-missing-zone-validation/

EPSS

Процентиль: 15%

0.00048

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-384

Связанные уязвимости

GHSA-g68x-c5mc-5vwr

CVSS3: 5.4

github

около 1 года назад

A UAA configured with multiple identity zones, does not properly validate session information across those zones. A User authenticated against a corporate IDP can re-use their jsessionid to access other zones.

EPSS

Процентиль: 15%

0.00048

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-384