CVE-2019-3798
6
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H
Summary
Cloud Foundry Cloud Controller API Release, versions prior to 1.79.0, contains improper authentication when validating user permissions. A remote authenticated malicious user with the ability to create UAA clients and knowledge of the email of a victim in the foundation may escalate their privileges to that of the victim by creating a client with a name equal to the guid of their victim.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Cloud Foundry | CAPI-release | All < 1.79.0 | affected |
Weaknesses
- CWE-287: CWE-287: Improper Authentication - Generic
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.