CVE-2019-11270

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2019-11270
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11270.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-11270
Published
2019-08-05T17:15:10Z
Modified
2024-06-06T12:35:39.228710Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'clients.write' authority or scope can bypass the restrictions imposed on clients created via 'clients.write' and create clients with arbitrary scopes that the creator does not possess.

References

Affected packages

Git / github.com/cloudfoundry/uaa

Affected ranges

Type
GIT
Repo
https://github.com/cloudfoundry/uaa
Events
Type
GIT
Repo
https://github.com/cloudfoundry/uaa-release
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

2.*

2.6.0
2.6.1

Other

ci-upgrade
v10
v11
v12
v13
v14
v15
v16
v17
v18
v19
v2
v20
v21
v22
v23
v24
v25
v26
v27
v28
v3
v30
v31
v33
v39
v4
v40
v41
v43
v44
v45
v5
v50
v51
v52
v53
v54
v55
v56
v57
v58
v59
v6
v60
v7
v8
v9

v11.*

v11.1
v11.2
v11.3

v12.*

v12.1
v12.2
v12.3

v30.*

v30.1

v61.*

v61.0

v62.*

v62.0

v63.*

v63.0

v64.*

v64.0

v66.*

v66.0

v67.*

v67.0

v68.*

v68.0

v69.*

v69.0

v70.*

v70.0

v71.*

v71.0

v72.*

v72.0

v73.*

v73.0.0
v73.3.0