CVE-2017-4959

Source
https://nvd.nist.gov/vuln/detail/CVE-2017-4959
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-4959.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-4959
Published
2017-06-13T06:29:00Z
Modified
2024-09-03T01:55:12.914563Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

An issue was discovered in Pivotal PCF Elastic Runtime 1.8.x versions prior to 1.8.29 and 1.9.x versions prior to 1.9.7. Pivotal Cloud Foundry deployments using the Pivotal Account application are vulnerable to a flaw which allows an authorized user to take over the account of another user, causing account lockout and potential escalation of privileges.

References

Affected packages

Git / github.com/cloudfoundry/uaa

Affected ranges

Type
GIT
Repo
https://github.com/cloudfoundry/uaa
Events

Affected versions

1.*

1.0.1
1.0.2
1.0.3
1.1
1.1.1
1.1.2
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.3.1
1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
1.4.6
1.4.7
1.5.0
1.5.2
1.5.2.1
1.5.3
1.5.4
1.5.4.1
1.6.0
1.6.1
1.6.2
1.6.3
1.6.4
1.6.5
1.7.0
1.7.1
1.7.2
1.8.0
1.8.1
1.8.2
1.8.3
1.9.0