First published: Mon Nov 19 2018
Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contain a validation error that allows privilege escalation. A remote authenticated user may modify the URL and content of a consent page to gain a token with arbitrary scopes that escalates their privileges.
Credit: security_alert@emc.com
Affected Software | Affected Version | How to fix |
---|---|---|
Pivotal Software Cloud Foundry Uaa | <4.23.0 | |
Pivotal Software Cloudfoundry Uaa Release | <64.0 | |
maven/org.cloudfoundry.identity:cloudfoundry-identity-server | <4.23.0 | 4.23.0 |
CVE-2018-15761 is a vulnerability in Cloud Foundry UAA and UAA release versions that allows for privilege escalation.
CVE-2018-15761 has a severity rating of 8.8 (critical).
Cloud Foundry UAA versions prior to 4.23.0 and UAA release versions prior to v64.0 are affected by CVE-2018-15761.
A remote authenticated user can modify the consent page URL and content to gain a token with arbitrary scopes, thereby escalating their privileges.
You can find more information about CVE-2018-15761 at the following link: https://www.cloudfoundry.org/blog/cve-2018-15761/