Lucene search

PivotalCVELIST:CVE-2019-11270

HistoryAug 05, 2019 - 4:21 p.m.

CVE-2019-11270 UAA clients.write vulnerability

2019-08-0516:21:54

CWE-269

pivotal

www.cve.org

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N

EPSS

0.001

Percentile

36.2%

JSON

Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the ‘clients.write’ authority or scope can bypass the restrictions imposed on clients created via ‘clients.write’ and create clients with arbitrary scopes that the creator does not possess.

CNA Affected

[
  {
    "product": "UAA Release (OSS)",
    "vendor": "Cloud Foundry",
    "versions": [
      {
        "status": "affected",
        "version": "prior to v73.4.0"
      }
    ]
  }
]

References

pivotal.io/security/cve-2019-11270

www.cloudfoundry.org/blog/cve-2019-11270

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N

EPSS

0.001

Percentile

36.2%

JSON

Related for CVELIST:CVE-2019-11270