CVE-2019-11268

Cloud Foundry UAA version prior to 73.3.0, contain endpoints that contains improper escaping. An authenticated malicious user with basic read privileges for one identity zone can extend those reading privileges to all other identity zones and obtain private information on users, clients, and groups in all other identity zones.

Published: Jul 11, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-11268
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

CWE-116

Affected Software
References

Software	From	Fixed in
pivotal_software / cloud_foundry_uaa-release	-	73.3.0

https://www.cloudfoundry.org/blog/cve-2019-11268

Vulnerability Database

289,784

CVE-2019-11268