cloudfoundry-identity-server is vulnerable to privilege escalation attacks. The vulnerability exists due to an error in validation, allowing an authenticated user to gain an OAuth token with arbitrary scopes by modifying the url and content of the consent page.
CPE | Name | Operator | Version |
---|---|---|---|
uaa server | le | 4.22.0 |