Potential Security Risk: Incorrect User Permissions in Cloud Foundry UAA
CVE-2024-38806

3.9 LOW

Key Information:

Status
Vendor
CVE Published: 18 July 2024

What is CVE-2024-38806?

UAA in Cloud Foundry Foundation v40.17.0 (https://github.com/cloudfoundry/cf-deployment/releases/tag/v40.17.0) fails to properly synchronize a user's permissions, potentially resulting in users retaining access rights they should not have. This can allow them to perform operations beyond their intended permissions.

Affected Version(s)

UAA v77.10.0 and below

References

CVSS V3.1

Score: 3.9
Severity: LOW
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Local
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
