CVE-2019-11270
- Source
- https://cve.org/CVERecord?id=CVE-2019-11270
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11270.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2019-11270
- Published
- 2019-08-05T17:15:10.820Z
- Modified
- 2026-04-10T04:14:09.785104Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'clients.write' authority or scope can bypass the restrictions imposed on clients created via 'clients.write' and create clients with arbitrary scopes that the creator does not possess.
- References
Affected packages
Git / github.com/cloudfoundry/uaa
Affected ranges
Affected versions
2.*
2.6.0
2.6.1
Other
ci-upgrade
v10
v11
v12
v14
v15
v16
v17
v18
v19
v2
v20
v21
v22
v23
v24
v25
v26
v27
v3
v31
v53
v55
v56
v57
v58
v59
v6
v60
v7
v8
v9
v12.*
v12.3
v61.*
v61.0
v62.*
v62.0
v63.*
v63.0
v64.*
v64.0
v66.*
v66.0
v67.*
v67.0
v68.*
v68.0
v69.*
v69.0
v70.*
v70.0
v71.*
v71.0
v72.*
v72.0
v73.*
v73.0.0
v73.3.0
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11270.json"
unresolved_ranges
[
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.15"
}
]
},
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.11"
}
]
},
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.7"
}
]
},
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.22"
}
]
},
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.16"
}
]
},
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.10"
}
]
},
{
"events": [
{
"introduced": "2.6.0"
},
{
"fixed": "2.6.4"
}
]
}
]