An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14, 3.6.x versions prior to v3.6.8, 3.9.x versions prior to v3.9.10, and other versions prior to v3.15.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.12, 24.x versions prior to v24.7, and other versions prior to v30. A vulnerability has been identified with the groups endpoint in UAA allowing users to elevate their privileges.
{
"unresolved_ranges": [
{
"extracted_events": [
{
"introduced": "2.2.5.4"
},
{
"last_affected": "2.2.5.4"
},
{
"introduced": "2.2.5.4"
},
{
"last_affected": "2.2.5.4"
}
],
"source": "CPE_STRING",
"vendor_product": "pivotal_software:cloud_foundry_uaa",
"cpes": [
"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.2.5.4:*:*:*:*:*:*:*"
]
}
]
}{
"source": "CPE_RANGE",
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_cf:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "256"
}
]
}{
"source": "CPE_STRING",
"cpe": [
"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.2.5.4:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.1:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.2:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.3:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.8:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.9:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.11:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.12:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.7.4.13:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.4:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.5:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.6:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.6.7:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.1:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.2:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.3:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.4:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.5:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.6:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.7:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.8:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.9:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.12:*:*:*:*:*:*:*",
"cpe:2.3:a:pivotal_software:cloud_foundry_uaa:3.9.13:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "2.2.5.4"
},
{
"last_affected": "2.2.5.4"
},
{
"introduced": "2.7.1"
},
{
"last_affected": "2.7.1"
},
{
"introduced": "2.7.2"
},
{
"last_affected": "2.7.2"
},
{
"introduced": "2.7.3"
},
{
"last_affected": "2.7.3"
},
{
"introduced": "2.7.4"
},
{
"last_affected": "2.7.4"
},
{
"introduced": "2.7.4.1"
},
{
"last_affected": "2.7.4.1"
},
{
"introduced": "2.7.4.2"
},
{
"last_affected": "2.7.4.2"
},
{
"introduced": "2.7.4.3"
},
{
"last_affected": "2.7.4.3"
},
{
"introduced": "2.7.4.4"
},
{
"last_affected": "2.7.4.4"
},
{
"introduced": "2.7.4.5"
},
{
"last_affected": "2.7.4.5"
},
{
"introduced": "2.7.4.6"
},
{
"last_affected": "2.7.4.6"
},
{
"introduced": "2.7.4.7"
},
{
"last_affected": "2.7.4.7"
},
{
"introduced": "2.7.4.8"
},
{
"last_affected": "2.7.4.8"
},
{
"introduced": "2.7.4.9"
},
{
"last_affected": "2.7.4.9"
},
{
"introduced": "2.7.4.11"
},
{
"last_affected": "2.7.4.11"
},
{
"introduced": "2.7.4.12"
},
{
"last_affected": "2.7.4.12"
},
{
"introduced": "2.7.4.13"
},
{
"last_affected": "2.7.4.13"
},
{
"introduced": "3.6.1"
},
{
"last_affected": "3.6.1"
},
{
"introduced": "3.6.2"
},
{
"last_affected": "3.6.2"
},
{
"introduced": "3.6.3"
},
{
"last_affected": "3.6.3"
},
{
"introduced": "3.6.4"
},
{
"last_affected": "3.6.4"
},
{
"introduced": "3.6.5"
},
{
"last_affected": "3.6.5"
},
{
"introduced": "3.6.6"
},
{
"last_affected": "3.6.6"
},
{
"introduced": "3.6.7"
},
{
"last_affected": "3.6.7"
},
{
"introduced": "3.9.1"
},
{
"last_affected": "3.9.1"
},
{
"introduced": "3.9.2"
},
{
"last_affected": "3.9.2"
},
{
"introduced": "3.9.3"
},
{
"last_affected": "3.9.3"
},
{
"introduced": "3.9.4"
},
{
"last_affected": "3.9.4"
},
{
"introduced": "3.9.5"
},
{
"last_affected": "3.9.5"
},
{
"introduced": "3.9.6"
},
{
"last_affected": "3.9.6"
},
{
"introduced": "3.9.7"
},
{
"last_affected": "3.9.7"
},
{
"introduced": "3.9.8"
},
{
"last_affected": "3.9.8"
},
{
"introduced": "3.9.9"
},
{
"last_affected": "3.9.9"
},
{
"introduced": "3.9.12"
},
{
"last_affected": "3.9.12"
},
{
"introduced": "3.9.13"
},
{
"last_affected": "3.9.13"
}
]
}{
"source": [
"CPE_RANGE",
"CPE_STRING"
],
"cpe": [
"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:*:*:*:*:*:*:*:*",
"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.1:*:*:*:*:*:*:*",
"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.2:*:*:*:*:*:*:*",
"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.3:*:*:*:*:*:*:*",
"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.4:*:*:*:*:*:*:*",
"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.5:*:*:*:*:*:*:*",
"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.6:*:*:*:*:*:*:*",
"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.7:*:*:*:*:*:*:*",
"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.8:*:*:*:*:*:*:*",
"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.9:*:*:*:*:*:*:*",
"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.10:*:*:*:*:*:*:*",
"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:13.11:*:*:*:*:*:*:*",
"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24:*:*:*:*:*:*:*",
"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.1:*:*:*:*:*:*:*",
"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.2:*:*:*:*:*:*:*",
"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.3:*:*:*:*:*:*:*",
"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.4:*:*:*:*:*:*:*",
"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.5:*:*:*:*:*:*:*",
"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:24.6:*:*:*:*:*:*:*",
"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30.1:*:*:*:*:*:*:*",
"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30.2:*:*:*:*:*:*:*",
"cpe:2.3:a:cloudfoundry:cloud_foundry_uaa_bosh:30.3:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "30"
},
{
"introduced": "13.1"
},
{
"last_affected": "13.1"
},
{
"introduced": "13.2"
},
{
"last_affected": "13.2"
},
{
"introduced": "13.3"
},
{
"last_affected": "13.3"
},
{
"introduced": "13.4"
},
{
"last_affected": "13.4"
},
{
"introduced": "13.5"
},
{
"last_affected": "13.5"
},
{
"introduced": "13.6"
},
{
"last_affected": "13.6"
},
{
"introduced": "13.7"
},
{
"last_affected": "13.7"
},
{
"introduced": "13.8"
},
{
"last_affected": "13.8"
},
{
"introduced": "13.9"
},
{
"last_affected": "13.9"
},
{
"introduced": "13.10"
},
{
"last_affected": "13.10"
},
{
"introduced": "13.11"
},
{
"last_affected": "13.11"
},
{
"introduced": "24"
},
{
"last_affected": "24"
},
{
"introduced": "24.1"
},
{
"last_affected": "24.1"
},
{
"introduced": "24.2"
},
{
"last_affected": "24.2"
},
{
"introduced": "24.3"
},
{
"last_affected": "24.3"
},
{
"introduced": "24.4"
},
{
"last_affected": "24.4"
},
{
"introduced": "24.5"
},
{
"last_affected": "24.5"
},
{
"introduced": "24.6"
},
{
"last_affected": "24.6"
},
{
"introduced": "30.1"
},
{
"last_affected": "30.1"
},
{
"introduced": "30.2"
},
{
"last_affected": "30.2"
},
{
"introduced": "30.3"
},
{
"last_affected": "30.3"
}
]
}