CVE-2024-38806

Summary

Failure to properly synchronize user's permissions in UAA in Cloud Foundry Foundation v40.17.0 https://github.com/cloudfoundry/cf-deployment/releases/tag/v40.17.0 , potentially resulting in users retaining access rights they should not have. This can allow them to perform operations beyond their intended permissions.

Affected Software

VendorProductVersion RangeStatus
n/aUAAv77.10.0 and belowaffected

Weaknesses

  • CWE-440: CWE-440

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References