CVE-2018-15754

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2018-15754
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-15754.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-15754
Published
2018-12-13T22:29:00.280Z
Modified
2026-04-10T04:06:20.356253Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Cloud Foundry UAA, versions 60 prior to 66.0, contain an authorization logic error. In environments with multiple identity providers that contain accounts across identity providers with the same username, a remote authenticated user with access to one of these accounts may be able to obtain a token for an account of the same username in the other identity provider.

References

Affected packages

Git / github.com/cloudfoundry/uaa-release

Affected ranges

Type
GIT
Repo
https://github.com/cloudfoundry/uaa-release
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
4e675abc1f6d7c24dc2856de11fad3183f86348b
Database specific 
{
    "versions": [
        {
            "introduced": "60.0"
        },
        {
            "fixed": "66.0"
        }
    ]
}

Affected versions

Other
ci-upgrade
v10
v11
v12
v14
v15
v16
v17
v18
v19
v2
v20
v21
v22
v23
v24
v25
v26
v27
v3
v31
v53
v55
v56
v57
v58
v59
v6
v60
v7
v8
v9
v12.*
v12.3
v61.*
v61.0
v62.*
v62.0
v63.*
v63.0
v64.*
v64.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-15754.json"