CVE-2019-3788

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-3788

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-3788.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-3788

Published

2019-04-25T21:29:00.743Z

Modified

2026-04-10T04:18:05.810905Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Cloud Foundry UAA Release, versions prior to 71.0, allows clients to be configured with an insecure redirect uri. Given a UAA client was configured with a wildcard in the redirect uri's subdomain, a remote malicious unauthenticated user can craft a phishing link to get a UAA access code from the victim.

References

https://www.cloudfoundry.org/blog/cve-2019-3788

Affected packages

Git / github.com/cloudfoundry/uaa-release

Affected ranges

Type

GIT

Repo

https://github.com/cloudfoundry/uaa-release

Events

Introduced

Fixed

a26e64f024d2e98d94858b0d9ce76563e77d724a

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "71.0"
        }
    ]
}

Affected versions

Other

ci-upgrade

v10

v11

v12

v14

v15

v16

v17

v18

v19

v20

v21

v22

v23

v24

v25

v26

v27

v31

v53

v55

v56

v57

v58

v59

v60

v12.*

v12.3

v61.*

v61.0

v62.*

v62.0

v63.*

v63.0

v64.*

v64.0

v66.*

v66.0

v67.*

v67.0

v68.*

v68.0

v69.*

v69.0

v70.*

v70.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-3788.json"