OAuth Vulnerability in Pivotal Cloud Foundry and UAA Products
CVE-2016-6636

5.3 MEDIUM

What is CVE-2016-6636?

The OAuth authorization implementation in various versions of Pivotal Cloud Foundry and UAA products improperly handles subdomains of a registered redirect_uri. Because of this weakness, a remote attacker who controls a crafted subdomain can potentially receive access tokens that the OAuth flow was never meant to release to that host. The issue underlines the need for strict validation of redirect URIs to prevent unauthorized access and token exposure.
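As an added illustration (this is not UAA's code and does not reproduce the exact matching logic behind this CVE), the following Python contrasts a permissive redirect_uri matcher that accepts any subdomain of the registered host with a strict exact-match check; the registered URI and the candidate URIs are constructed sample values.

```python
from urllib.parse import urlsplit

# Constructed sample: the single redirect URI registered for an OAuth client.
REGISTERED_REDIRECT_URI = "https://app.example.com/callback"


def weak_redirect_uri_match(registered: str, candidate: str) -> bool:
    """Illustrative permissive matcher (an assumption, not UAA's code): the
    candidate host only has to be the registered host or any subdomain of it,
    so hosts the client never registered are accepted as well."""
    reg, cand = urlsplit(registered), urlsplit(candidate)
    host = cand.hostname or ""
    return (cand.scheme == reg.scheme
            and (host == reg.hostname or host.endswith("." + reg.hostname))
            and cand.path.startswith(reg.path))


def strict_redirect_uri_match(registered: str, candidate: str) -> bool:
    """Hardened matcher: scheme, host, port and path must be identical and the
    candidate may carry no fragment; nothing is inferred from the domain."""
    reg, cand = urlsplit(registered), urlsplit(candidate)
    return (cand.scheme == reg.scheme
            and cand.hostname == reg.hostname
            and cand.port == reg.port
            and cand.path == reg.path
            and cand.fragment == "")


def audit_redirect_uris(candidates, registered=REGISTERED_REDIRECT_URI):
    """Return the candidates the weak matcher accepts but the strict one
    rejects: exactly the redirect targets an authorization server should
    never honour."""
    return [c for c in candidates
            if weak_redirect_uri_match(registered, c)
            and not strict_redirect_uri_match(registered, c)]


if __name__ == "__main__":
    # Constructed candidates: one legitimate, three that only the weak check passes.
    sample = [
        "https://app.example.com/callback",
        "https://evil.app.example.com/callback",   # unregistered subdomain
        "https://app.example.com:8443/callback",   # unregistered port
        "https://app.example.com/callback#token",  # fragment appended
        "http://app.example.com/callback",         # wrong scheme: both reject
    ]
    for uri in audit_redirect_uris(sample):
        print("weak matcher would accept:", uri)
```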

CVSS v3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability reserved