CVE-2019-3775

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2019-3775
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-3775.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-3775
Published
2019-03-07T18:29:00Z
Modified
2024-09-03T02:51:21.755391Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

Cloud Foundry UAA, versions prior to v70.0, allows a user to update their own email address. A remote authenticated user can impersonate a different user by changing their email address to that of a different user.

References

Affected packages

Git / github.com/cloudfoundry/uaa-release

Affected ranges

Type
GIT
Repo
https://github.com/cloudfoundry/uaa-release
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

Other

ci-upgrade
v10
v11
v12
v13
v14
v15
v16
v17
v18
v19
v2
v20
v21
v22
v23
v24
v25
v26
v27
v28
v3
v30
v31
v33
v39
v4
v40
v41
v43
v44
v45
v5
v50
v51
v52
v53
v54
v55
v56
v57
v58
v59
v6
v60
v7
v8
v9

v11.*

v11.1
v11.2
v11.3

v12.*

v12.1
v12.2
v12.3

v30.*

v30.1

v61.*

v61.0

v62.*

v62.0

v63.*

v63.0

v64.*

v64.0

v66.*

v66.0

v67.*

v67.0

v68.*

v68.0

v69.*

v69.0