CVE-2019-11270
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2019-11270
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11270.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2019-11270
- Published
- 2019-08-05T17:15:10Z
- Modified
- 2025-01-14T07:44:37.555819Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'clients.write' authority or scope can bypass the restrictions imposed on clients created via 'clients.write' and create clients with arbitrary scopes that the creator does not possess.
- References
Affected packages
Git / github.com/cloudfoundry/uaa
Affected ranges
- Type
- GIT
- Repo
- https://github.com/cloudfoundry/uaa
- Events
- Type
- GIT
- Repo
- https://github.com/cloudfoundry/uaa-release
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
2.*
2.6.0
2.6.1
Other
ci-upgrade
v10
v11
v12
v13
v14
v15
v16
v17
v18
v19
v2
v20
v21
v22
v23
v24
v25
v26
v27
v28
v3
v30
v31
v33
v39
v4
v40
v41
v43
v44
v45
v5
v50
v51
v52
v53
v54
v55
v56
v57
v58
v59
v6
v60
v7
v8
v9
v11.*
v11.1
v11.2
v11.3
v12.*
v12.1
v12.2
v12.3
v30.*
v30.1
v61.*
v61.0
v62.*
v62.0
v63.*
v63.0
v64.*
v64.0
v66.*
v66.0
v67.*
v67.0
v68.*
v68.0
v69.*
v69.0
v70.*
v70.0
v71.*
v71.0
v72.*
v72.0
v73.*
v73.0.0
v73.3.0