Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cloudfoundry uaa-release vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2019-11293
Cloud Foundry UAA Release, versions prior to v74.10.0, when set to logging level DEBUG, logs client_secret credentials when sent as a query parameter. A remote authenticated malicious user could gain access to user credentials via the uaa.log file if authentication is provided vi...
Cloudfoundry Cf-deployment
Cloudfoundry User Account And Authentication
445
VMScore
CVE-2019-11290
Cloud Foundry UAA Release, versions prior to v74.8.0, logs all query parameters to tomcat’s access file. If the query parameters are used to provide authentication, ie. credentials, then they will be logged as well.
Cloudfoundry Cf-deployment
Cloudfoundry User Account And Authentication
578
VMScore
CVE-2019-11279
CF UAA versions before 74.1.0 can request scopes for a client that shouldn't be allowed by submitting an array of requested scopes. A remote malicious user can escalate their own privileges to any scope, allowing them to take control of UAA and the resources it controls.
Cloudfoundry Uaa Release
516
VMScore
CVE-2019-3788
Cloud Foundry UAA Release, versions before 71.0, allows clients to be configured with an insecure redirect uri. Given a UAA client was configured with a wildcard in the redirect uri's subdomain, a remote malicious unauthenticated user can craft a phishing link to get a UAA a...
Cloudfoundry Uaa Release
445
VMScore
CVE-2019-3801
Cloud Foundry cf-deployment, versions before 7.9.0, contain java components that are using an insecure protocol to fetch dependencies when building. A remote unauthenticated malicious attacker could hijack the DNS entry for the dependency, and inject malicious code into the compo...
Cloudfoundry Credhub
Cloudfoundry Cf-deployment
Cloudfoundry Uaa Release
356
VMScore
CVE-2019-3775
Cloud Foundry UAA, versions prior to v70.0, allows a user to update their own email address. A remote authenticated user can impersonate a different user by changing their email address to that of a different user.
Cloudfoundry Uaa Release
578
VMScore
CVE-2018-15761
Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions before 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token with arbitrary scopes that escalate...
Pivotal Software Cloud Foundry Uaa
Pivotal Software Cloudfoundry Uaa Release
445
VMScore
CVE-2018-11082
Cloud Foundry UAA, all versions before 4.20.0 and Cloud Foundry UAA Release, all versions before 61.0, allows brute forcing of MFA codes. A remote unauthenticated malicious user in possession of a valid username and password can brute force MFA to login as the targeted user.
Pivotal Software Cloudfoundry Uaa Release
Pivotal Software Cloudfoundry Uaa
578
VMScore
CVE-2018-1262
Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. A zone administrator could configure their zone to issue tokens which impersonate another zone, g...
Pivotal Software Cloud Foundry Uaa 4.13.2
Pivotal Software Cloud Foundry Uaa 4.13.3
Pivotal Software Cloud Foundry Uaa 4.13.1
Pivotal Software Cloud Foundry Uaa 4.12.1
Pivotal Software Cloud Foundry Uaa 4.13.4
Pivotal Software Cloud Foundry Uaa 4.12.0
Pivotal Software Cloud Foundry Uaa 4.13.0
Pivotal Software Cloud Foundry Uaa 4.12.2
Pivotal Software Cloud Foundry Uaa-release 57.1
Pivotal Software Cloud Foundry Uaa-release 58
Pivotal Software Cloud Foundry Uaa-release 57
Cloudfoundry Cf-deployment
312
VMScore
CVE-2017-8031
An issue exists in Cloud Foundry Foundation cf-release (all versions prior to v279) and UAA (30.x versions before 30.6, 45.x versions before 45.4, 52.x versions before 52.1). In some cases, the UAA allows an authenticated user for a particular client to revoke client tokens for o...
Cloudfoundry Cf-release
Cloudfoundry Uaa-release
Cloudfoundry Uaa-release 52
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »