CVE-2018-15761
- Source
- https://cve.org/CVERecord?id=CVE-2018-15761
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-15761.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2018-15761
- Aliases
- Published
- 2018-11-19T14:29:00.467Z
- Modified
- 2026-04-10T04:06:20.582784Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token with arbitrary scopes that escalates their privileges.
- References
Affected packages
Git / github.com/cloudfoundry/uaa
Affected ranges
Affected versions
1.*
1.0.1
1.0.3
1.1
1.1.1
1.1.2
1.2.0
1.2.6
1.4.0
1.4.1
1.4.2
1.4.3
1.4.5
1.4.6
1.4.7
1.5.0
1.5.2
1.5.2.1
1.5.3
1.5.4
1.5.4.1
1.6.1
1.6.2
1.8.0
4.*
4.10.0
4.11.0
4.12.0
4.15.0
4.16.0
4.17.0
4.18.0
4.19.0
4.20.0
4.21.0
4.22.0
4.9.0
Other
ci-upgrade
travis-success-1475
travis-success-1478
travis-success-1497
v10
v11
v12
v14
v15
v16
v17
v18
v19
v2
v20
v21
v22
v23
v24
v25
v26
v27
v3
v31
v53
v55
v56
v57
v58
v59
v6
v60
v7
v8
v9
releases/4.*
releases/4.15.0
v12.*
v12.3
v61.*
v61.0
v62.*
v62.0
v63.*
v63.0