CVE-2019-3794

Source
https://cve.org/CVERecord?id=CVE-2019-3794
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-3794.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-3794
Published
2019-07-18T16:15:12.530Z
Modified
2026-04-10T04:18:05.164158Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Cloud Foundry UAA, versions prior to v73.4.0, does not set an X-FRAME-OPTIONS header on various endpoints. A remote user can perform clickjacking attacks on UAA's frontend sites.

References

Affected packages

Git / github.com/cloudfoundry/uaa-release

Affected ranges

Type
GIT
Repo
https://github.com/cloudfoundry/uaa-release
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "73.4.0"
        }
    ]
}

Affected versions

Other
ci-upgrade
v10
v11
v12
v14
v15
v16
v17
v18
v19
v2
v20
v21
v22
v23
v24
v25
v26
v27
v3
v31
v53
v55
v56
v57
v58
v59
v6
v60
v7
v8
v9
v12.*
v12.3
v61.*
v61.0
v62.*
v62.0
v63.*
v63.0
v64.*
v64.0
v66.*
v66.0
v67.*
v67.0
v68.*
v68.0
v69.*
v69.0
v70.*
v70.0
v71.*
v71.0
v72.*
v72.0
v73.*
v73.0.0
v73.3.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-3794.json"