CVE-2018-15754

Published: Dec 13, 2018Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Cloud Foundry UAA, versions 60 prior to 66.0, contain an authorization logic error. In environments with multiple identity providers that contain accounts across identity providers with the same username, a remote authenticated user with access to one of these accounts may be able to obtain a token for an account of the same username in the other identity provider.

Affected (1)

Products: Pivotal Software: Cloud Foundry Uaa Release

Pivotal Software

1 product

Cloud Foundry Uaa Release

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Pivotal Software Cloud Foundry Uaa Release	From 60.0 to 66.0

Related CWEs

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (6)

http://www.securityfocus.com/bid/106240

Source: security_alert@emc.com

Third Party AdvisoryVDB Entry

https://www.cloudfoundry.org/blog/cve-2018-15754

Source: security_alert@emc.com

MitigationVendor Advisory

https://www.cloudfoundry.org/blog/cve-2018-15754/

Source: security_alert@emc.com

MitigationVendor Advisory

http://www.securityfocus.com/bid/106240

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://www.cloudfoundry.org/blog/cve-2018-15754

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

https://www.cloudfoundry.org/blog/cve-2018-15754/

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

Timeline

No history available yet.