CVE-2021-22001

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-22001

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-22001.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-22001

Published

2021-07-22T14:15:07.867Z

Modified

2025-12-08T23:53:39.863428Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

In UAA versions prior to 75.3.0, sensitive information like relaying secret of the provider was revealed in response when deletion request of an identity provider( IdP) of type “oauth 1.0” was sent to UAA server.

References

https://www.cloudfoundry.org/blog/cve-2021-22001-sensitive-info-leakage-in-uaa-during-identity-provider-deletion/

Affected packages

Git / github.com/cloudfoundry/cf-deployment

Affected ranges

Type: GIT
Repo: https://github.com/cloudfoundry/cf-deployment
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

bffe11bd7081cd3d317fe3a7840e0c4b421780a7

Affected versions

v0.*

v0.0.0

v0.0.1

v0.0.2

v0.1.0

v0.10.0

v0.11.0

v0.12.0

v0.13.0

v0.14.0

v0.15.0

v0.16.0

v0.17.0

v0.18.0

v0.19.0

v0.2.0

v0.2.1

v0.2.2

v0.20.0

v0.21.0

v0.22.0

v0.23.0

v0.24.0

v0.25.0

v0.26.0

v0.27.0

v0.28.0

v0.29.0

v0.3.0

v0.30.0

v0.31.0

v0.32.0

v0.32.1

v0.33.0

v0.34.0

v0.35.0

v0.36.0

v0.37.0

v0.4.0

v0.5.0

v0.7.0

v0.8.0

v0.9.0

v0.9.1

v1.*

v1.0.0

v1.1.0

v1.10.0

v1.11.0

v1.12.0

v1.13.0

v1.14.0

v1.15.0

v1.16.0

v1.17.0

v1.18.0

v1.19.0

v1.2.0

v1.20.0

v1.21.0

v1.22.0

v1.23.0

v1.24.0

v1.25.0

v1.26.0

v1.27.0

v1.28.0

v1.29.0

v1.3.0

v1.3.1

v1.30.0

v1.31.0

v1.32.0

v1.33.0

v1.34.0

v1.35.0

v1.36.0

v1.37.0

v1.38.0

v1.39.0

v1.4.0

v1.40.0

v1.5.0

v1.6.0

v1.7.0

v1.8.0

v1.9.0

v10.*

v10.0.0

v10.1.0

v11.*

v11.0.0

v11.1.0

v11.2.0

v12.*

v12.0.0

v12.1.0

v12.10.0

v12.11.0

v12.12.0

v12.13.0

v12.14.0

v12.15.0

v12.16.0

v12.17.0

v12.18.0

v12.19.0

v12.2.0

v12.20.0

v12.21.0

v12.22.0

v12.23.0

v12.24.0

v12.25.0

v12.26.0

v12.27.0

v12.28.0

v12.29.0

v12.3.0

v12.30.0

v12.31.0

v12.32.0

v12.33.0

v12.34.0

v12.35.0

v12.36.0

v12.37.0

v12.38.0

v12.39.0

v12.4.0

v12.40.0

v12.41.0

v12.42.0

v12.43.0

v12.44.0

v12.45.0

v12.5.0

v12.6.0

v12.7.0

v12.8.0

v12.9.0

v13.*

v13.0.0

v13.1.0

v13.10.0

v13.11.0

v13.12.0

v13.13.0

v13.14.0

v13.15.0

v13.16.0

v13.17.0

v13.18.0

v13.19.0

v13.2.0

v13.20.0

v13.21.0

v13.22.0

v13.23.0

v13.3.0

v13.4.0

v13.5.0

v13.6.0

v13.7.0

v13.8.0

v13.9.0

v14.*

v14.0.0

v15.*

v15.0.0

v15.1.0

v15.2.0

v15.3.0

v15.4.0

v15.5.0

v15.6.0

v15.7.0

v16.*

v16.0.0

v16.1.0

v16.10.0

v16.11.0

v16.12.0

v16.13.0

v16.14.0

v16.15.0

v16.16.0

v16.17.0

v16.2.0

v16.3.0

v16.4.0

v16.5.0

v16.6.0

v16.7.0

v16.8.0

v16.9.0

v2.*

v2.0.0

v2.1.0

v2.2.0

v2.3.0

v2.4.0

v2.5.0

v2.6.0

v2.7.0

v2.8.0

v2.9.0

v3.*

v3.0.0

v3.1.0

v3.2.0

v3.3.0

v3.4.0

v3.5.0

v3.6.0

v4.*

v4.0.0

v4.1.0

v4.2.0

v4.3.0

v4.4.0

v4.5.0

v5.*

v5.0.0

v5.1.0

v5.2.0

v5.3.0

v5.4.0

v5.5.0

v6.*

v6.0.0

v6.1.0

v6.10.0

v6.2.0

v6.3.0

v6.4.0

v6.5.0

v6.6.0

v6.7.0

v6.8.0

v6.9.0

v7.*

v7.0.0

v7.1.0

v7.10.0

v7.11.0

v7.2.0

v7.3.0

v7.4.0

v7.5.0

v7.6.0

v7.8.0

v7.9.0

v8.*

v8.0.0

v8.1.0

v9.*

v9.0.0

v9.1.0

v9.2.0

v9.3.0

v9.4.0

v9.5.0

Git / github.com/cloudfoundry/uaa

Affected ranges

Type: GIT
Repo: https://github.com/cloudfoundry/uaa
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

1ad6506aa69a668d4909a5416fc0c567733e4f18

Affected versions

1.*

1.0.1

1.0.2

1.0.3

1.1

1.1.1

1.1.2

1.10

1.11

1.2.0

1.2.1

1.2.2

1.2.3

1.2.4

1.2.5

1.2.6

1.3.1

1.4.0

1.4.1

1.4.2

1.4.3

1.4.4

1.4.5

1.4.6

1.4.7

1.5.0

1.5.2

1.5.2.1

1.5.3

1.5.4

1.5.4.1

1.6.0

1.6.1

1.6.2

1.6.3

1.6.4

1.6.5

1.7.0

1.7.1

1.7.2

1.8.0

1.8.1

1.8.2

1.8.3

1.9.0

1.9.1

2.*

2.0.0

2.0.1

2.0.2

2.0.3

2.1.0

2.2.0

2.2.4

2.2.4.1

2.2.5

2.2.6

2.3.0

2.3.1

2.3.1.1

2.4.0

2.4.1

2.5.0

2.5.1

2.5.2

2.6.0

2.6.1

2.6.2

2.7.0

2.7.0.1

2.7.0.2

2.7.0.3

2.7.1

2.7.2

2.7.3

3.*

3.0.0

3.0.1

3.1.0

3.10.0

3.11.0

3.12.0

3.13.0

3.14.0

3.15.0

3.16.0

3.2.0

3.2.1

3.3.0

3.3.0.1

3.4.0

3.4.1

3.4.2

3.5.0

3.6.0

3.7.0

3.7.1

3.7.2

3.7.3

3.7.4

3.8.0

3.9.0

3.9.1

3.9.2

3.9.3

4.*

4.0.0

4.1.0

4.10.0

4.11.0

4.12.0

4.12.1

4.13.0

4.13.1

4.13.2

4.13.3

4.13.4

4.14.0

4.15.0

4.16.0

4.17.0

4.18.0

4.19.0

4.2.0

4.20.0

4.21.0

4.22.0

4.23.0

4.24.0

4.25.0

4.26.0

4.27.0

4.28.0

4.29.0

4.3.0

4.30.0

4.31.0

4.35.0

4.4.0

4.5.0

4.6.0

4.6.1

4.7.0

4.7.1

4.7.2

4.8.0

4.8.1

4.8.2

4.8.3

4.9.0

Other

lenient_hybrid_flow

travis-success-1475

travis-success-1478

travis-success-1497

releases/4.*

releases/4.15.0

v73.*

v73.7.0

v74.*

v74.0.0

v74.1.0

v74.10.0

v74.11.0

v74.12.0

v74.13.0

v74.14.0

v74.15.0

v74.16.0

v74.17.0

v74.18.0

v74.19.0

v74.2.0

v74.20.0

v74.3.0

v74.4.0

v74.5.0

v74.6.0

v74.7.0

v74.8.0

v74.9.0

v75.*

v75.2.0