Open Redirect Vulnerability in Cloud Foundry UAA
CVE-2018-11041

6.1 MEDIUM

Key Information:

Vendor
CVE Published: 25 June 2018

What is CVE-2018-11041?

Cloud Foundry UAA has a vulnerability that allows for open redirects due to insufficient validation of redirect URL parameters on the login page. This flaw can be exploited by a remote attacker to create a malicious link that redirects users to unintended external sites following successful login attempts. Exploiting this vulnerability can potentially compromise the security of user sessions and lead to phishing attacks or other malicious activities.

Affected Version(s)

Cloud Foundry UAA later than 4.6.0 and prior to 4.19.0 except 4.10.1 and 4.7.5

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
