CVE-2021-22001

Summary

In UAA versions prior to 75.3.0, sensitive information like relaying secret of the provider was revealed in response when deletion request of an identity provider( IdP) of type “oauth 1.0” was sent to UAA server.

Affected Software

VendorProductVersion RangeStatus
n/aCloud Foundry UAA serverCloud Foundry UAA server prior to version 75.3.0affected

Weaknesses

  • CWE-200: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

ADP Enrichment

CVE Program Container

Additional References

References