CVE-2018-15761

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-15761

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-15761.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-15761

Aliases

GHSA-292x-hjr8-226f

Published

2018-11-19T14:29:00Z

Modified

2024-09-03T02:06:09.306756Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token with arbitrary scopes that escalates their privileges.

References

https://www.cloudfoundry.org/blog/cve-2018-15761/

Affected packages

Git / github.com/cloudfoundry/uaa

Affected ranges

Type: GIT
Repo: https://github.com/cloudfoundry/uaa
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

206e2a3a8a08bf89cf46a0c65ed43bf0514b1826

Type: GIT
Repo: https://github.com/cloudfoundry/uaa-release
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

f34df0ec7b065d4f9de2c952e117df1b7f1134b8

Affected versions

1.*

1.0.1

1.0.2

1.0.3

1.1

1.1.1

1.1.2

1.10

1.11

1.2.0

1.2.1

1.2.2

1.2.3

1.2.4

1.2.5

1.2.6

1.3.1

1.4.0

1.4.1

1.4.2

1.4.3

1.4.4

1.4.5

1.4.6

1.4.7

1.5.0

1.5.2

1.5.2.1

1.5.3

1.5.4

1.5.4.1

1.6.0

1.6.1

1.6.2

1.6.3

1.6.4

1.6.5

1.7.0

1.7.1

1.7.2

1.8.0

1.8.1

1.8.2

1.8.3

1.9.0

1.9.1

2.*

2.0.0

2.0.1

2.0.2

2.0.3

2.1.0

2.2.0

2.2.4

2.2.4.1

2.2.5

2.2.6

2.3.0

2.3.1

2.3.1.1

2.4.0

2.4.1

2.5.0

2.5.1

2.5.2

2.6.0

2.6.1

2.6.2

2.7.0

2.7.0.1

2.7.0.2

2.7.0.3

2.7.1

2.7.2

2.7.3

3.*

3.0.0

3.0.1

3.1.0

3.10.0

3.11.0

3.12.0

3.13.0

3.14.0

3.15.0

3.16.0

3.2.0

3.2.1

3.3.0

3.3.0.1

3.4.0

3.4.1

3.4.2

3.5.0

3.6.0

3.7.0

3.7.1

3.7.2

3.7.3

3.7.4

3.8.0

3.9.0

3.9.1

3.9.2

3.9.3

4.*

4.0.0

4.1.0

4.10.0

4.11.0

4.12.0

4.12.1

4.13.0

4.13.1

4.13.2

4.13.3

4.13.4

4.14.0

4.15.0

4.16.0

4.17.0

4.18.0

4.19.0

4.2.0

4.20.0

4.21.0

4.22.0

4.3.0

4.4.0

4.5.0

4.6.0

4.6.1

4.7.0

4.7.1

4.7.2

4.8.0

4.8.1

4.8.2

4.8.3

4.9.0

Other

ci-upgrade

lenient_hybrid_flow

travis-success-1475

travis-success-1478

travis-success-1497

v10

v11

v12

v13

v14

v15

v16

v17

v18

v19

v20

v21

v22

v23

v24

v25

v26

v27

v28

v30

v31

v33

v39

v40

v41

v43

v44

v45

v50

v51

v52

v53

v54

v55

v56

v57

v58

v59

v60

releases/4.*

releases/4.15.0

v11.*

v11.1

v11.2

v11.3

v12.*

v12.1

v12.2

v12.3

v30.*

v30.1

v61.*

v61.0

v62.*

v62.0

v63.*

v63.0