An issue exists in Cloud Foundry Foundation cf-release (all versions prior to v279) and UAA (30.x versions before 30.6, 45.x versions before 45.4, 52.x versions before 52.1). In some cases, the UAA allows an authenticated user for a particular client to revoke client tokens for other users on the same client. This occurs only if the client is using opaque tokens or JWT tokens validated using the check_token endpoint. A malicious actor could cause denial of service.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cloudfoundry cf-release |
||
cloudfoundry uaa-release |
||
cloudfoundry uaa-release 52 |