Cloud Foundry UAA, versions 60 prior to 66.0, contain an authorization logic error. In environments with multiple identity providers that contain accounts across identity providers with the same username, a remote authenticated user with access to one of these accounts may be able to obtain a token for an account of the same username in the other identity provider.
{
"source": "CPE_RANGE",
"cpe": "cpe:2.3:a:pivotal_software:cloud_foundry_uaa-release:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "60.0"
},
{
"fixed": "66.0"
}
]
}