In Cloud Foundry UAA, versions before 74.14.0, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function when authenticating with external identity providers.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cloudfoundry cf-deployment |
||
cloudfoundry user account and authentication |