CVE-2019-11270

Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'clients.write' authority or scope can bypass the restrictions imposed on clients created via 'clients.write' and create clients with arbitrary scopes that the creator does not possess.

Published: Aug 5, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-11270
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:P/A:N

CWEs:

CWE-732

Affected Software
References

Software	From	Fixed in
pivotal_software / cloud_foundry_uaa	-	73.4.0
pivotal_software / operations_manager	2.6.0	2.6.4
pivotal_software / operations_manager	2.5.0	2.5.10
pivotal_software / operations_manager	2.4.0	2.4.16
pivotal_software / operations_manager	2.3.0	2.3.22
pivotal_software / application_service	2.6.0	2.6.2
pivotal_software / application_service	2.5.0	2.5.7
pivotal_software / application_service	2.4.0	2.4.11
pivotal_software / application_service	2.3.0	2.3.15

Vulnerability Database

289,599

CVE-2019-11270