Authorization

2016-09-3000:59:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

53.6%

JSON

The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.1; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 mishandles redirect_uri subdomains, which allows remote attackers to obtain implicit access tokens via a modified subdomain.

CPENameOperatorVersion
cloud_foundry_uaa_boshle12.3
cloud_foundryle241
cloud_foundry_elastic_runtimeeq1.6.5
cloud_foundry_elastic_runtimeeq1.8.0
cloud_foundry_elastic_runtimeeq1.6.13
cloud_foundry_elastic_runtimeeq1.7.6
cloud_foundry_elastic_runtimeeq1.6.7
cloud_foundry_elastic_runtimeeq1.6.6
cloud_foundry_elastic_runtimeeq1.6.31
cloud_foundry_elastic_runtimeeq1.7.19

Name	Operator	Version
cloud_foundry_uaa_bosh	le	12.3
cloud_foundry	le	241
cloud_foundry_elastic_runtime	eq	1.6.5
cloud_foundry_elastic_runtime	eq	1.8.0
cloud_foundry_elastic_runtime	eq	1.6.13
cloud_foundry_elastic_runtime	eq	1.7.6
cloud_foundry_elastic_runtime	eq	1.6.7
cloud_foundry_elastic_runtime	eq	1.6.6
cloud_foundry_elastic_runtime	eq	1.6.31
cloud_foundry_elastic_runtime	eq	1.7.19