CVE-2019-11268

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-11268
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11268.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-11268
Published
2019-07-11T18:15:12Z
Modified
2024-09-03T02:22:50.605553Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
[none]
Details

Cloud Foundry UAA versions prior to 73.3.0 contain endpoints with improper escaping. An authenticated malicious user with basic read privileges for one identity zone can extend those read privileges to all other identity zones and obtain private information on users, clients, and groups in all other identity zones.

References

Affected packages

Git / github.com/cloudfoundry/uaa-release

Affected ranges

Type
GIT
Repo
https://github.com/cloudfoundry/uaa-release
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

Other

ci-upgrade
v10
v11
v12
v13
v14
v15
v16
v17
v18
v19
v2
v20
v21
v22
v23
v24
v25
v26
v27
v28
v3
v30
v31
v33
v39
v4
v40
v41
v43
v44
v45
v5
v50
v51
v52
v53
v54
v55
v56
v57
v58
v59
v6
v60
v7
v8
v9

v11.*

v11.1
v11.2
v11.3

v12.*

v12.1
v12.2
v12.3

v30.*

v30.1

v61.*

v61.0

v62.*

v62.0

v63.*

v63.0

v64.*

v64.0

v66.*

v66.0

v67.*

v67.0

v68.*

v68.0

v69.*

v69.0

v70.*

v70.0

v71.*

v71.0

v72.*

v72.0

v73.*

v73.0.0