UAA clients.write vulnerability
CVE-2019-11270

7.3HIGH

Key Information:

Vendor: Cloud Foundry
Status: Uaa Release (oss)
Vendor: CVE Published:; 5 August 2019

🔔 Create Cloud Foundry Vulnerability Alert

What is CVE-2019-11270?

Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'clients.write' authority or scope can bypass the restrictions imposed on clients created via 'clients.write' and create clients with arbitrary scopes that the creator does not possess.

Affected Version(s)

UAA Release (OSS) prior to v73.4.0

References

https://www.cloudfoundry.org/blog/cve-2019-11270

x_refsource_CONFIRM

https://pivotal.io/security/cve-2019-11270

x_refsource_CONFIRM

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

CVSS V3.0

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 5, 2019
Vulnerability Reserved
Apr 18, 2019

CVE-2019-11270 Data

JSON