CVE-2020-5402

Summary

In Cloud Foundry UAA, versions prior to 74.14.0, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function when authenticating with external identity providers.

Affected Software

VendorProductVersion RangeStatus
Cloud FoundryUAAunspecified < v74.14.0affected

Weaknesses

  • CWE-352: CWE-352: Cross-Site Request Forgery (CSRF)

ADP Enrichment

CVE Program Container

Additional References

References