CVE-2019-11268

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-11268

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11268.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-11268

Published

2019-07-11T18:15:12.480Z

Modified

2026-04-10T04:14:09.339945Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

Cloud Foundry UAA version prior to 73.3.0, contain endpoints that contains improper escaping. An authenticated malicious user with basic read privileges for one identity zone can extend those reading privileges to all other identity zones and obtain private information on users, clients, and groups in all other identity zones.

References

https://www.cloudfoundry.org/blog/cve-2019-11268

Affected packages

Git / github.com/cloudfoundry/uaa-release

Affected ranges

Type

GIT

Repo

https://github.com/cloudfoundry/uaa-release

Events

Introduced

Fixed

265281a6055a7955cb2402bfdf1e9598d44eb135

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "73.3.0"
        }
    ]
}

Affected versions

Other

ci-upgrade

v10

v11

v12

v14

v15

v16

v17

v18

v19

v20

v21

v22

v23

v24

v25

v26

v27

v31

v53

v55

v56

v57

v58

v59

v60

v12.*

v12.3

v61.*

v61.0

v62.*

v62.0

v63.*

v63.0

v64.*

v64.0

v66.*

v66.0

v67.*

v67.0

v68.*

v68.0

v69.*

v69.0

v70.*

v70.0

v71.*

v71.0

v72.*

v72.0

v73.*

v73.0.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11268.json"