CVE-2019-3775

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-3775
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-3775.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-3775
Published
2019-03-07T18:29:00.367Z
Modified
2026-04-10T04:19:19.175160Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

Cloud Foundry UAA, versions prior to v70.0, allows a user to update their own email address. A remote authenticated user can impersonate a different user by changing their email address to that of a different user.

References

Affected packages

Git / github.com/cloudfoundry/uaa-release

Affected ranges

Type
GIT
Repo
https://github.com/cloudfoundry/uaa-release
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
c1eaa4ec5cf2b5044e3f1d988943f1a15c15a2c3
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "70.0"
        }
    ]
}

Affected versions

Other
ci-upgrade
v10
v11
v12
v14
v15
v16
v17
v18
v19
v2
v20
v21
v22
v23
v24
v25
v26
v27
v3
v31
v53
v55
v56
v57
v58
v59
v6
v60
v7
v8
v9
v12.*
v12.3
v61.*
v61.0
v62.*
v62.0
v63.*
v63.0
v64.*
v64.0
v66.*
v66.0
v67.*
v67.0
v68.*
v68.0
v69.*
v69.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-3775.json"