Cloud Foundry prior to 248; UAA 2.x prior to 2.7.4.12, 3.x prior to 3.6.5, and 3.7.x up to and including 3.9.x prior to 3.9.3; and UAA bosh release (aka uaa-release) prior to 13.9 for UAA 3.6.5 and prior to 24 for UAA 3.9.3 allow malicious users to gain privileges by accessing UAA logs and subsequently running a specially crafted application that interacts with a configured SAML provider.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cloudfoundry cloud foundry uaa bosh |
||
pivotal software cloud foundry |
||
pivotal software cloud foundry uaa |