CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N
EPSS
Percentile
36.2%
Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the ‘clients.write’ authority or scope can bypass the restrictions imposed on clients created via ‘clients.write’ and create clients with arbitrary scopes that the creator does not possess.
[
{
"product": "UAA Release (OSS)",
"vendor": "Cloud Foundry",
"versions": [
{
"status": "affected",
"version": "prior to v73.4.0"
}
]
}
]