CVE-2017-8032
Description
In Cloud Foundry cf-release versions prior to v264; UAA release all versions of UAA v2.x.x, 3.6.x versions prior to v3.6.13, 3.9.x versions prior to v3.9.15, 3.20.x versions prior to v3.20.0, and other versions prior to v4.4.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.17, 24.x versions prior to v24.12, 30.x versions prior to v30.5, and other versions prior to v41, zone administrators are allowed to escalate their privileges when mapping permissions for an external provider.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| org.cloudfoundry.identity:cloudfoundry-identity-server | Maven | < 3.6.13 | 3.6.13 |
| org.cloudfoundry.identity:cloudfoundry-identity-server | Maven | >= 3.7.0, < 3.9.15 | 3.9.15 |
| org.cloudfoundry.identity:cloudfoundry-identity-server | Maven | >= 3.10.0, < 3.20.0 | 3.20.0 |
| org.cloudfoundry.identity:cloudfoundry-identity-server | Maven | >= 4.0.0, < 4.4.0 | 4.4.0 |
Affected products
Patches
ea8c0ce7740a Clean up queries and add zone Id
2 files changed · +53 −35
server/src/main/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimGroupExternalMembershipManager.java+50 −30 modified@@ -12,12 +12,6 @@ *******************************************************************************/ package org.cloudfoundry.identity.uaa.scim.jdbc; -import java.sql.PreparedStatement; -import java.sql.ResultSet; -import java.sql.SQLException; -import java.sql.Timestamp; -import java.util.List; - import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.cloudfoundry.identity.uaa.resources.jdbc.AbstractQueryable; @@ -42,6 +36,12 @@ import org.springframework.util.Assert; import org.springframework.util.StringUtils; +import java.sql.PreparedStatement; +import java.sql.ResultSet; +import java.sql.SQLException; +import java.sql.Timestamp; +import java.util.List; + public class JdbcScimGroupExternalMembershipManager extends AbstractQueryable<ScimGroupExternalMember> implements ScimGroupExternalMembershipManager { 
@@ -64,23 +64,36 @@ public class JdbcScimGroupExternalMembershipManager extends AbstractQueryable<Sc public static final String ADD_EXTERNAL_GROUP_MAPPING_SQL = String.format("insert into %s ( %s ) values (?,lower(?),?,?)", EXTERNAL_GROUP_MAPPING_TABLE, EXTERNAL_GROUP_MAPPING_FIELDS); - public static final String GET_EXTERNAL_GROUP_MAPPINGS_SQL = - String.format("select %s from %s where gm.group_id=? and %s", - JOIN_EXTERNAL_GROUP_MAPPING_FIELDS, JOIN_GROUP_TABLE, JOIN_WHERE_ID); - - public static final String GET_GROUPS_BY_EXTERNAL_GROUP_MAPPING_SQL = String.format("select %s from %s where %s and lower(external_group)=lower(?)", - JOIN_EXTERNAL_GROUP_MAPPING_FIELDS, JOIN_GROUP_TABLE, JOIN_WHERE_ID); - - public static final String GET_GROUPS_WITH_EXTERNAL_GROUP_MAPPINGS_SQL = - String.format("select %s from %s where g.id=? and %s and lower(external_group) like lower(?)", - JOIN_EXTERNAL_GROUP_MAPPING_FIELDS, JOIN_GROUP_TABLE, JOIN_WHERE_ID); - - public static final String DELETE_EXTERNAL_GROUP_MAPPING_SQL = - String.format("delete from %s where group_id=? and lower(external_group)=lower(?) and origin=?", - EXTERNAL_GROUP_MAPPING_TABLE); - - public static final String DELETE_ALL_MAPPINGS_FOR_GROUP_SQL = - String.format("delete from %s where group_id = ?", EXTERNAL_GROUP_MAPPING_TABLE); + public static final String GET_EXTERNAL_GROUP_MAPPINGS_SQL = String.format( + "select %s from %s where g.identity_zone_id=? and gm.group_id=? and %s", + JOIN_EXTERNAL_GROUP_MAPPING_FIELDS, + JOIN_GROUP_TABLE, + JOIN_WHERE_ID + ); + + public static final String GET_GROUPS_BY_EXTERNAL_GROUP_MAPPING_SQL = String.format( + "select %s from %s where g.identity_zone_id=? and %s and lower(external_group)=lower(?)", + JOIN_EXTERNAL_GROUP_MAPPING_FIELDS, + JOIN_GROUP_TABLE, + JOIN_WHERE_ID + ); + + public static final String GET_GROUPS_WITH_EXTERNAL_GROUP_MAPPINGS_SQL = String.format( + "select %s from %s where g.identity_zone_id=? and g.id=? 
and %s and lower(external_group) like lower(?)", + JOIN_EXTERNAL_GROUP_MAPPING_FIELDS, + JOIN_GROUP_TABLE, + JOIN_WHERE_ID + ); + + public static final String DELETE_EXTERNAL_GROUP_MAPPING_SQL = String.format( + "delete from %s where group_id=? and lower(external_group)=lower(?) and origin=?", + EXTERNAL_GROUP_MAPPING_TABLE + ); + + public static final String DELETE_ALL_MAPPINGS_FOR_GROUP_SQL = String.format( + "delete from %s where group_id = ?", + EXTERNAL_GROUP_MAPPING_TABLE + ); private final RowMapper<ScimGroupExternalMember> rowMapper = new ScimGroupExternalMemberRowMapper(); @@ -215,8 +228,9 @@ public List<ScimGroupExternalMember> getExternalGroupMapsByGroupId(final String return jdbcTemplate.query(GET_EXTERNAL_GROUP_MAPPINGS_SQL, new PreparedStatementSetter() { @Override public void setValues(PreparedStatement ps) throws SQLException { - ps.setString(1, groupId); - ps.setString(2, origin); + ps.setString(1, IdentityZoneHolder.get().getId()); + ps.setString(2, groupId); + ps.setString(3, origin); } }, rowMapper); } @@ -232,8 +246,9 @@ public List<ScimGroupExternalMember> getExternalGroupMapsByGroupName(final Strin return jdbcTemplate.query(GET_EXTERNAL_GROUP_MAPPINGS_SQL, new PreparedStatementSetter() { @Override public void setValues(PreparedStatement ps) throws SQLException { - ps.setString(1, groups.get(0).getId()); - ps.setString(2, origin); + ps.setString(1, IdentityZoneHolder.get().getId()); + ps.setString(2, groups.get(0).getId()); + ps.setString(3, origin); } }, rowMapper); } else { @@ -264,8 +279,9 @@ public List<ScimGroupExternalMember> getExternalGroupMapsByExternalGroup(final S return jdbcTemplate.query(GET_GROUPS_BY_EXTERNAL_GROUP_MAPPING_SQL, new PreparedStatementSetter() { @Override public void setValues(PreparedStatement ps) throws SQLException { - ps.setString(1, origin); - ps.setString(2, externalGroup); + ps.setString(1, IdentityZoneHolder.get().getId()); + ps.setString(2, origin); + ps.setString(3, externalGroup); } }, rowMapper); 
@@ -285,7 +301,11 @@ private ScimGroupExternalMember getExternalGroupMap(final String groupId, throws ScimResourceNotFoundException { try { ScimGroupExternalMember u = jdbcTemplate.queryForObject(GET_GROUPS_WITH_EXTERNAL_GROUP_MAPPINGS_SQL, - rowMapper, groupId, origin, externalGroup); + rowMapper, + IdentityZoneHolder.get().getId(), + groupId, + origin, + externalGroup); return u; } catch (EmptyResultDataAccessException e) { throw new ScimResourceNotFoundException("The mapping between groupId " + groupId + " and external group "
server/src/main/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimGroupProvisioning.java+3 −5 modified@@ -20,7 +20,6 @@ import org.cloudfoundry.identity.uaa.resources.jdbc.AbstractQueryable; import org.cloudfoundry.identity.uaa.resources.jdbc.JdbcPagingListFactory; import org.cloudfoundry.identity.uaa.scim.ScimGroup; -import org.cloudfoundry.identity.uaa.scim.ScimGroupMember; import org.cloudfoundry.identity.uaa.scim.ScimGroupProvisioning; import org.cloudfoundry.identity.uaa.scim.ScimMeta; import org.cloudfoundry.identity.uaa.scim.exception.InvalidScimResourceException; @@ -43,7 +42,6 @@ import java.sql.ResultSet; import java.sql.SQLException; import java.sql.Timestamp; -import java.util.ArrayList; import java.util.Date; import java.util.List; import java.util.UUID; @@ -81,7 +79,7 @@ public Log getLogger() { public static final String ALL_GROUPS = String.format("select %s from %s", GROUP_FIELDS, GROUP_TABLE); - public static final String DELETE_GROUP_SQL = String.format("delete from %s where id=? and identity_zone_id=?", GROUP_TABLE); + public static final String DELETE_GROUP_SQL = String.format("delete from %s where id=?", GROUP_TABLE); public static final String DELETE_GROUP_BY_ZONE = String.format("delete from %s where identity_zone_id=?", GROUP_TABLE); public static final String DELETE_GROUP_MEMBERSHIP_BY_ZONE = String.format("delete from %s where group_id in (select id from %s where identity_zone_id = ?)", GROUP_MEMBERSHIP_TABLE, GROUP_TABLE); 
@@ -252,9 +250,9 @@ public ScimGroup delete(String id, int version) throws ScimResourceNotFoundExcep externalGroupMappingManager.unmapAll(id); int deleted; if (version > 0) { - deleted = jdbcTemplate.update(DELETE_GROUP_SQL + " and version=?;", id, IdentityZoneHolder.get().getId(),version); + deleted = jdbcTemplate.update(DELETE_GROUP_SQL + " and version=?;", id, version); } else { - deleted = jdbcTemplate.update(DELETE_GROUP_SQL, id, IdentityZoneHolder.get().getId()); + deleted = jdbcTemplate.update(DELETE_GROUP_SQL, id); } if (deleted != 1) { throw new IncorrectResultSizeDataAccessException(1, deleted);
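Review bot: the zone predicate is added only to the three select constants in the @@ -64,23 +64,36 @@ hunk of JdbcScimGroupExternalMembershipManager; DELETE_EXTERNAL_GROUP_MAPPING_SQL and DELETE_ALL_MAPPINGS_FOR_GROUP_SQL are re-indented but still filter on group_id (plus external_group and origin) alone, so unmapExternalGroup and unmapAll remain callable with a group id that belongs to another zone unless every caller first resolves the group through one of the now zone-scoped lookups, which this hunk does not show. Suggest scoping the deletes the same way (joining through the group table if the mapping table has no zone column on this branch) and adding a test asserting that an unmap with a foreign-zone group id affects zero rows.

Review bot: dropping `and identity_zone_id=?` from DELETE_GROUP_SQL (hunk @@ -81,7 +79,7 @@ of JdbcScimGroupProvisioning) and the matching IdentityZoneHolder argument from both jdbcTemplate.update calls (hunk @@ -252,9 +250,9 @@) removes the only zone check visible in delete(), in a commit whose stated purpose is to add zone scoping. If a preceding lookup already guarantees the group is in the current zone, say so in a comment next to the constant; otherwise keep the predicate, since the delete now succeeds for any group id regardless of zone.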
4e4d653edb6b Clean up queries and add zone Id
2 files changed · +53 −33
server/src/main/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimGroupExternalMembershipManager.java+50 −30 modified@@ -12,12 +12,6 @@ *******************************************************************************/ package org.cloudfoundry.identity.uaa.scim.jdbc; -import java.sql.PreparedStatement; -import java.sql.ResultSet; -import java.sql.SQLException; -import java.sql.Timestamp; -import java.util.List; - import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.cloudfoundry.identity.uaa.resources.jdbc.AbstractQueryable; @@ -42,6 +36,12 @@ import org.springframework.util.Assert; import org.springframework.util.StringUtils; +import java.sql.PreparedStatement; +import java.sql.ResultSet; +import java.sql.SQLException; +import java.sql.Timestamp; +import java.util.List; + public class JdbcScimGroupExternalMembershipManager extends AbstractQueryable<ScimGroupExternalMember> implements ScimGroupExternalMembershipManager { 
@@ -64,23 +64,36 @@ public class JdbcScimGroupExternalMembershipManager extends AbstractQueryable<Sc public static final String ADD_EXTERNAL_GROUP_MAPPING_SQL = String.format("insert into %s ( %s ) values (?,lower(?),?,?)", EXTERNAL_GROUP_MAPPING_TABLE, EXTERNAL_GROUP_MAPPING_FIELDS); - public static final String GET_EXTERNAL_GROUP_MAPPINGS_SQL = - String.format("select %s from %s where gm.group_id=? and %s", - JOIN_EXTERNAL_GROUP_MAPPING_FIELDS, JOIN_GROUP_TABLE, JOIN_WHERE_ID); - - public static final String GET_GROUPS_BY_EXTERNAL_GROUP_MAPPING_SQL = String.format("select %s from %s where %s and lower(external_group)=lower(?)", - JOIN_EXTERNAL_GROUP_MAPPING_FIELDS, JOIN_GROUP_TABLE, JOIN_WHERE_ID); - - public static final String GET_GROUPS_WITH_EXTERNAL_GROUP_MAPPINGS_SQL = - String.format("select %s from %s where g.id=? and %s and lower(external_group) like lower(?)", - JOIN_EXTERNAL_GROUP_MAPPING_FIELDS, JOIN_GROUP_TABLE, JOIN_WHERE_ID); - - public static final String DELETE_EXTERNAL_GROUP_MAPPING_SQL = - String.format("delete from %s where group_id=? and lower(external_group)=lower(?) and origin=?", - EXTERNAL_GROUP_MAPPING_TABLE); - - public static final String DELETE_ALL_MAPPINGS_FOR_GROUP_SQL = - String.format("delete from %s where group_id = ?", EXTERNAL_GROUP_MAPPING_TABLE); + public static final String GET_EXTERNAL_GROUP_MAPPINGS_SQL = String.format( + "select %s from %s where g.identity_zone_id=? and gm.group_id=? and %s", + JOIN_EXTERNAL_GROUP_MAPPING_FIELDS, + JOIN_GROUP_TABLE, + JOIN_WHERE_ID + ); + + public static final String GET_GROUPS_BY_EXTERNAL_GROUP_MAPPING_SQL = String.format( + "select %s from %s where g.identity_zone_id=? and %s and lower(external_group)=lower(?)", + JOIN_EXTERNAL_GROUP_MAPPING_FIELDS, + JOIN_GROUP_TABLE, + JOIN_WHERE_ID + ); + + public static final String GET_GROUPS_WITH_EXTERNAL_GROUP_MAPPINGS_SQL = String.format( + "select %s from %s where g.identity_zone_id=? and g.id=? 
and %s and lower(external_group) like lower(?)", + JOIN_EXTERNAL_GROUP_MAPPING_FIELDS, + JOIN_GROUP_TABLE, + JOIN_WHERE_ID + ); + + public static final String DELETE_EXTERNAL_GROUP_MAPPING_SQL = String.format( + "delete from %s where group_id=? and lower(external_group)=lower(?) and origin=?", + EXTERNAL_GROUP_MAPPING_TABLE + ); + + public static final String DELETE_ALL_MAPPINGS_FOR_GROUP_SQL = String.format( + "delete from %s where group_id = ?", + EXTERNAL_GROUP_MAPPING_TABLE + ); private final RowMapper<ScimGroupExternalMember> rowMapper = new ScimGroupExternalMemberRowMapper(); @@ -215,8 +228,9 @@ public List<ScimGroupExternalMember> getExternalGroupMapsByGroupId(final String return jdbcTemplate.query(GET_EXTERNAL_GROUP_MAPPINGS_SQL, new PreparedStatementSetter() { @Override public void setValues(PreparedStatement ps) throws SQLException { - ps.setString(1, groupId); - ps.setString(2, origin); + ps.setString(1, IdentityZoneHolder.get().getId()); + ps.setString(2, groupId); + ps.setString(3, origin); } }, rowMapper); } @@ -232,8 +246,9 @@ public List<ScimGroupExternalMember> getExternalGroupMapsByGroupName(final Strin return jdbcTemplate.query(GET_EXTERNAL_GROUP_MAPPINGS_SQL, new PreparedStatementSetter() { @Override public void setValues(PreparedStatement ps) throws SQLException { - ps.setString(1, groups.get(0).getId()); - ps.setString(2, origin); + ps.setString(1, IdentityZoneHolder.get().getId()); + ps.setString(2, groups.get(0).getId()); + ps.setString(3, origin); } }, rowMapper); } else { @@ -264,8 +279,9 @@ public List<ScimGroupExternalMember> getExternalGroupMapsByExternalGroup(final S return jdbcTemplate.query(GET_GROUPS_BY_EXTERNAL_GROUP_MAPPING_SQL, new PreparedStatementSetter() { @Override public void setValues(PreparedStatement ps) throws SQLException { - ps.setString(1, origin); - ps.setString(2, externalGroup); + ps.setString(1, IdentityZoneHolder.get().getId()); + ps.setString(2, origin); + ps.setString(3, externalGroup); } }, rowMapper); 
@@ -285,7 +301,11 @@ private ScimGroupExternalMember getExternalGroupMap(final String groupId, throws ScimResourceNotFoundException { try { ScimGroupExternalMember u = jdbcTemplate.queryForObject(GET_GROUPS_WITH_EXTERNAL_GROUP_MAPPINGS_SQL, - rowMapper, groupId, origin, externalGroup); + rowMapper, + IdentityZoneHolder.get().getId(), + groupId, + origin, + externalGroup); return u; } catch (EmptyResultDataAccessException e) { throw new ScimResourceNotFoundException("The mapping between groupId " + groupId + " and external group "
server/src/main/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimGroupProvisioning.java+3 −3 modified@@ -79,7 +79,7 @@ public Log getLogger() { public static final String ALL_GROUPS = String.format("select %s from %s", GROUP_FIELDS, GROUP_TABLE); - public static final String DELETE_GROUP_SQL = String.format("delete from %s where id=? and identity_zone_id=?", GROUP_TABLE); + public static final String DELETE_GROUP_SQL = String.format("delete from %s where id=?", GROUP_TABLE); public static final String DELETE_GROUP_BY_ZONE = String.format("delete from %s where identity_zone_id=?", GROUP_TABLE); public static final String DELETE_GROUP_MEMBERSHIP_BY_ZONE = String.format("delete from %s where group_id in (select id from %s where identity_zone_id = ?)", GROUP_MEMBERSHIP_TABLE, GROUP_TABLE); @@ -250,9 +250,9 @@ public ScimGroup delete(String id, int version) throws ScimResourceNotFoundExcep externalGroupMappingManager.unmapAll(id); int deleted; if (version > 0) { - deleted = jdbcTemplate.update(DELETE_GROUP_SQL + " and version=?;", id, IdentityZoneHolder.get().getId(),version); + deleted = jdbcTemplate.update(DELETE_GROUP_SQL + " and version=?;", id, version); } else { - deleted = jdbcTemplate.update(DELETE_GROUP_SQL, id, IdentityZoneHolder.get().getId()); + deleted = jdbcTemplate.update(DELETE_GROUP_SQL, id); } if (deleted != 1) { throw new IncorrectResultSizeDataAccessException(1, deleted);
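Review bot: every PreparedStatementSetter in hunks @@ -215,8 +228,9 @@, @@ -232,8 +246,9 @@ and @@ -264,8 +279,9 @@, and the varargs call in @@ -285,7 +301,11 @@, is renumbered by hand so that IdentityZoneHolder.get().getId() binds as parameter 1 and every other index shifts by one; the order must match the placeholder order in each rewritten constant (for GET_GROUPS_BY_EXTERNAL_GROUP_MAPPING_SQL that is zone, then the JOIN_WHERE_ID placeholder, then external_group), and a swapped index would not fail but would silently return an empty result or match the wrong row. Suggest one test per query that runs with a zone id that does not own the group and asserts an empty result or ScimResourceNotFoundException. As with the other branches, the two delete constants in the @@ -64,23 +64,36 @@ hunk are again left without a zone predicate.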
2c10c43f04cf Clean up queries and add zone Id
2 files changed · +53 −35
server/src/main/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimGroupExternalMembershipManager.java+50 −30 modified@@ -12,12 +12,6 @@ *******************************************************************************/ package org.cloudfoundry.identity.uaa.scim.jdbc; -import java.sql.PreparedStatement; -import java.sql.ResultSet; -import java.sql.SQLException; -import java.sql.Timestamp; -import java.util.List; - import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.cloudfoundry.identity.uaa.resources.jdbc.AbstractQueryable; @@ -42,6 +36,12 @@ import org.springframework.util.Assert; import org.springframework.util.StringUtils; +import java.sql.PreparedStatement; +import java.sql.ResultSet; +import java.sql.SQLException; +import java.sql.Timestamp; +import java.util.List; + public class JdbcScimGroupExternalMembershipManager extends AbstractQueryable<ScimGroupExternalMember> implements ScimGroupExternalMembershipManager { 
@@ -64,23 +64,36 @@ public class JdbcScimGroupExternalMembershipManager extends AbstractQueryable<Sc public static final String ADD_EXTERNAL_GROUP_MAPPING_SQL = String.format("insert into %s ( %s ) values (?,lower(?),?,?)", EXTERNAL_GROUP_MAPPING_TABLE, EXTERNAL_GROUP_MAPPING_FIELDS); - public static final String GET_EXTERNAL_GROUP_MAPPINGS_SQL = - String.format("select %s from %s where gm.group_id=? and %s", - JOIN_EXTERNAL_GROUP_MAPPING_FIELDS, JOIN_GROUP_TABLE, JOIN_WHERE_ID); - - public static final String GET_GROUPS_BY_EXTERNAL_GROUP_MAPPING_SQL = String.format("select %s from %s where %s and lower(external_group)=lower(?)", - JOIN_EXTERNAL_GROUP_MAPPING_FIELDS, JOIN_GROUP_TABLE, JOIN_WHERE_ID); - - public static final String GET_GROUPS_WITH_EXTERNAL_GROUP_MAPPINGS_SQL = - String.format("select %s from %s where g.id=? and %s and lower(external_group) like lower(?)", - JOIN_EXTERNAL_GROUP_MAPPING_FIELDS, JOIN_GROUP_TABLE, JOIN_WHERE_ID); - - public static final String DELETE_EXTERNAL_GROUP_MAPPING_SQL = - String.format("delete from %s where group_id=? and lower(external_group)=lower(?) and origin=?", - EXTERNAL_GROUP_MAPPING_TABLE); - - public static final String DELETE_ALL_MAPPINGS_FOR_GROUP_SQL = - String.format("delete from %s where group_id = ?", EXTERNAL_GROUP_MAPPING_TABLE); + public static final String GET_EXTERNAL_GROUP_MAPPINGS_SQL = String.format( + "select %s from %s where g.identity_zone_id=? and gm.group_id=? and %s", + JOIN_EXTERNAL_GROUP_MAPPING_FIELDS, + JOIN_GROUP_TABLE, + JOIN_WHERE_ID + ); + + public static final String GET_GROUPS_BY_EXTERNAL_GROUP_MAPPING_SQL = String.format( + "select %s from %s where g.identity_zone_id=? and %s and lower(external_group)=lower(?)", + JOIN_EXTERNAL_GROUP_MAPPING_FIELDS, + JOIN_GROUP_TABLE, + JOIN_WHERE_ID + ); + + public static final String GET_GROUPS_WITH_EXTERNAL_GROUP_MAPPINGS_SQL = String.format( + "select %s from %s where g.identity_zone_id=? and g.id=? 
and %s and lower(external_group) like lower(?)", + JOIN_EXTERNAL_GROUP_MAPPING_FIELDS, + JOIN_GROUP_TABLE, + JOIN_WHERE_ID + ); + + public static final String DELETE_EXTERNAL_GROUP_MAPPING_SQL = String.format( + "delete from %s where group_id=? and lower(external_group)=lower(?) and origin=?", + EXTERNAL_GROUP_MAPPING_TABLE + ); + + public static final String DELETE_ALL_MAPPINGS_FOR_GROUP_SQL = String.format( + "delete from %s where group_id = ?", + EXTERNAL_GROUP_MAPPING_TABLE + ); private final RowMapper<ScimGroupExternalMember> rowMapper = new ScimGroupExternalMemberRowMapper(); @@ -215,8 +228,9 @@ public List<ScimGroupExternalMember> getExternalGroupMapsByGroupId(final String return jdbcTemplate.query(GET_EXTERNAL_GROUP_MAPPINGS_SQL, new PreparedStatementSetter() { @Override public void setValues(PreparedStatement ps) throws SQLException { - ps.setString(1, groupId); - ps.setString(2, origin); + ps.setString(1, IdentityZoneHolder.get().getId()); + ps.setString(2, groupId); + ps.setString(3, origin); } }, rowMapper); } @@ -232,8 +246,9 @@ public List<ScimGroupExternalMember> getExternalGroupMapsByGroupName(final Strin return jdbcTemplate.query(GET_EXTERNAL_GROUP_MAPPINGS_SQL, new PreparedStatementSetter() { @Override public void setValues(PreparedStatement ps) throws SQLException { - ps.setString(1, groups.get(0).getId()); - ps.setString(2, origin); + ps.setString(1, IdentityZoneHolder.get().getId()); + ps.setString(2, groups.get(0).getId()); + ps.setString(3, origin); } }, rowMapper); } else { @@ -264,8 +279,9 @@ public List<ScimGroupExternalMember> getExternalGroupMapsByExternalGroup(final S return jdbcTemplate.query(GET_GROUPS_BY_EXTERNAL_GROUP_MAPPING_SQL, new PreparedStatementSetter() { @Override public void setValues(PreparedStatement ps) throws SQLException { - ps.setString(1, origin); - ps.setString(2, externalGroup); + ps.setString(1, IdentityZoneHolder.get().getId()); + ps.setString(2, origin); + ps.setString(3, externalGroup); } }, rowMapper); 
@@ -285,7 +301,11 @@ private ScimGroupExternalMember getExternalGroupMap(final String groupId, throws ScimResourceNotFoundException { try { ScimGroupExternalMember u = jdbcTemplate.queryForObject(GET_GROUPS_WITH_EXTERNAL_GROUP_MAPPINGS_SQL, - rowMapper, groupId, origin, externalGroup); + rowMapper, + IdentityZoneHolder.get().getId(), + groupId, + origin, + externalGroup); return u; } catch (EmptyResultDataAccessException e) { throw new ScimResourceNotFoundException("The mapping between groupId " + groupId + " and external group "
server/src/main/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimGroupProvisioning.java+3 −5 modified@@ -20,7 +20,6 @@ import org.cloudfoundry.identity.uaa.resources.jdbc.AbstractQueryable; import org.cloudfoundry.identity.uaa.resources.jdbc.JdbcPagingListFactory; import org.cloudfoundry.identity.uaa.scim.ScimGroup; -import org.cloudfoundry.identity.uaa.scim.ScimGroupMember; import org.cloudfoundry.identity.uaa.scim.ScimGroupProvisioning; import org.cloudfoundry.identity.uaa.scim.ScimMeta; import org.cloudfoundry.identity.uaa.scim.exception.InvalidScimResourceException; @@ -43,7 +42,6 @@ import java.sql.ResultSet; import java.sql.SQLException; import java.sql.Timestamp; -import java.util.ArrayList; import java.util.Date; import java.util.List; import java.util.UUID; @@ -81,7 +79,7 @@ public Log getLogger() { public static final String ALL_GROUPS = String.format("select %s from %s", GROUP_FIELDS, GROUP_TABLE); - public static final String DELETE_GROUP_SQL = String.format("delete from %s where id=? and identity_zone_id=?", GROUP_TABLE); + public static final String DELETE_GROUP_SQL = String.format("delete from %s where id=?", GROUP_TABLE); public static final String DELETE_GROUP_BY_ZONE = String.format("delete from %s where identity_zone_id=?", GROUP_TABLE); public static final String DELETE_GROUP_MEMBERSHIP_BY_ZONE = String.format("delete from %s where group_id in (select id from %s where identity_zone_id = ?)", GROUP_MEMBERSHIP_TABLE, GROUP_TABLE); 
@@ -252,9 +250,9 @@ public ScimGroup delete(String id, int version) throws ScimResourceNotFoundExcep externalGroupMappingManager.unmapAll(id); int deleted; if (version > 0) { - deleted = jdbcTemplate.update(DELETE_GROUP_SQL + " and version=?;", id, IdentityZoneHolder.get().getId(),version); + deleted = jdbcTemplate.update(DELETE_GROUP_SQL + " and version=?;", id, version); } else { - deleted = jdbcTemplate.update(DELETE_GROUP_SQL, id, IdentityZoneHolder.get().getId()); + deleted = jdbcTemplate.update(DELETE_GROUP_SQL, id); } if (deleted != 1) { throw new IncorrectResultSizeDataAccessException(1, deleted);
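Review bot: hunks @@ -12,12 +12,6 @@ and @@ -42,6 +36,12 @@ only move the java.sql and java.util imports below the org.* imports, and the JdbcScimGroupProvisioning hunks @@ -20,7 +20,6 @@ and @@ -43,7 +42,6 @@ drop the unused ScimGroupMember and ArrayList imports; that churn is unrelated to the zone-scoping change and makes a security patch that is backported to several branches harder to read and verify, so it belongs in a separate commit. Note also that the import hunks add no import for IdentityZoneHolder although the file gains four new uses of IdentityZoneHolder.get(); that only compiles if the class is already imported, which the diff does not show, so confirm it.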
aa308c463eae Clean up queries and add zone Id
1 file changed · +50 −28
server/src/main/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimGroupExternalMembershipManager.java+50 −28 modified@@ -66,23 +66,36 @@ public class JdbcScimGroupExternalMembershipManager extends AbstractQueryable<Sc public static final String ADD_EXTERNAL_GROUP_MAPPING_SQL = String.format("insert into %s ( %s ) values (?,lower(?),?,?,?)", EXTERNAL_GROUP_MAPPING_TABLE, EXTERNAL_GROUP_MAPPING_FIELDS + ",identity_zone_id"); - public static final String GET_EXTERNAL_GROUP_MAPPINGS_SQL = - String.format("select %s from %s where gm.group_id=? and %s", - JOIN_EXTERNAL_GROUP_MAPPING_FIELDS, JOIN_GROUP_TABLE, JOIN_WHERE_ID); - - public static final String GET_GROUPS_BY_EXTERNAL_GROUP_MAPPING_SQL = String.format("select %s from %s where %s and lower(external_group)=lower(?)", - JOIN_EXTERNAL_GROUP_MAPPING_FIELDS, JOIN_GROUP_TABLE, JOIN_WHERE_ID); - - public static final String GET_GROUPS_WITH_EXTERNAL_GROUP_MAPPINGS_SQL = - String.format("select %s from %s where g.id=? and %s and lower(external_group) like lower(?)", - JOIN_EXTERNAL_GROUP_MAPPING_FIELDS, JOIN_GROUP_TABLE, JOIN_WHERE_ID); - - public static final String DELETE_EXTERNAL_GROUP_MAPPING_SQL = - String.format("delete from %s where group_id=? and lower(external_group)=lower(?) and origin=?", - EXTERNAL_GROUP_MAPPING_TABLE); - - public static final String DELETE_ALL_MAPPINGS_FOR_GROUP_SQL = - String.format("delete from %s where group_id = ?", EXTERNAL_GROUP_MAPPING_TABLE); + public static final String GET_EXTERNAL_GROUP_MAPPINGS_SQL = String.format( + "select %s from %s where g.identity_zone_id=? and gm.group_id=? and %s", + JOIN_EXTERNAL_GROUP_MAPPING_FIELDS, + JOIN_GROUP_TABLE, + JOIN_WHERE_ID + ); + + public static final String GET_GROUPS_BY_EXTERNAL_GROUP_MAPPING_SQL = String.format( + "select %s from %s where gm.identity_zone_id=? 
and %s and lower(external_group)=lower(?)", + JOIN_EXTERNAL_GROUP_MAPPING_FIELDS, + JOIN_GROUP_TABLE, + JOIN_WHERE_ID + ); + + public static final String GET_GROUPS_WITH_EXTERNAL_GROUP_MAPPINGS_SQL = String.format( + "select %s from %s where g.identity_zone_id=? and g.id=? and %s and lower(external_group) like lower(?)", + JOIN_EXTERNAL_GROUP_MAPPING_FIELDS, + JOIN_GROUP_TABLE, + JOIN_WHERE_ID + ); + + public static final String DELETE_EXTERNAL_GROUP_MAPPING_SQL = String.format( + "delete from %s where identity_zone_id=? and group_id=? and lower(external_group)=lower(?) and origin=?", + EXTERNAL_GROUP_MAPPING_TABLE + ); + + public static final String DELETE_ALL_MAPPINGS_FOR_GROUP_SQL = String.format( + "delete from %s where identity_zone_id=? and group_id = ?", + EXTERNAL_GROUP_MAPPING_TABLE + ); private final RowMapper<ScimGroupExternalMember> rowMapper = new ScimGroupExternalMemberRowMapper(); @@ -193,9 +206,10 @@ public ScimGroupExternalMember unmapExternalGroup(final String groupId, int count = jdbcTemplate.update(DELETE_EXTERNAL_GROUP_MAPPING_SQL, new PreparedStatementSetter() { @Override public void setValues(PreparedStatement ps) throws SQLException { - ps.setString(1, groupId); - ps.setString(2, externalGroup); - ps.setString(3, origin); + ps.setString(1, IdentityZoneHolder.get().getId()); + ps.setString(2, groupId); + ps.setString(3, externalGroup); + ps.setString(4, origin); } }); if (count==1) { @@ -218,8 +232,9 @@ public List<ScimGroupExternalMember> getExternalGroupMapsByGroupId(final String return jdbcTemplate.query(GET_EXTERNAL_GROUP_MAPPINGS_SQL, new PreparedStatementSetter() { @Override public void setValues(PreparedStatement ps) throws SQLException { - ps.setString(1, groupId); - ps.setString(2, origin); + ps.setString(1, IdentityZoneHolder.get().getId()); + ps.setString(2, groupId); + ps.setString(3, origin); } }, rowMapper); } 
@@ -235,8 +250,9 @@ public List<ScimGroupExternalMember> getExternalGroupMapsByGroupName(final Strin return jdbcTemplate.query(GET_EXTERNAL_GROUP_MAPPINGS_SQL, new PreparedStatementSetter() { @Override public void setValues(PreparedStatement ps) throws SQLException { - ps.setString(1, groups.get(0).getId()); - ps.setString(2, origin); + ps.setString(1, IdentityZoneHolder.get().getId()); + ps.setString(2, groups.get(0).getId()); + ps.setString(3, origin); } }, rowMapper); } else { @@ -254,7 +270,8 @@ public void unmapAll(String groupId) throws ScimResourceNotFoundException { jdbcTemplate.update(DELETE_ALL_MAPPINGS_FOR_GROUP_SQL, new PreparedStatementSetter() { @Override public void setValues(PreparedStatement ps) throws SQLException { - ps.setString(1, groupId); + ps.setString(1, IdentityZoneHolder.get().getId()); + ps.setString(2, groupId); } }); } @@ -267,8 +284,9 @@ public List<ScimGroupExternalMember> getExternalGroupMapsByExternalGroup(final S return jdbcTemplate.query(GET_GROUPS_BY_EXTERNAL_GROUP_MAPPING_SQL, new PreparedStatementSetter() { @Override public void setValues(PreparedStatement ps) throws SQLException { - ps.setString(1, origin); - ps.setString(2, externalGroup); + ps.setString(1, IdentityZoneHolder.get().getId()); + ps.setString(2, origin); + ps.setString(3, externalGroup); } }, rowMapper); @@ -288,7 +306,11 @@ private ScimGroupExternalMember getExternalGroupMap(final String groupId, throws ScimResourceNotFoundException { try { ScimGroupExternalMember u = jdbcTemplate.queryForObject(GET_GROUPS_WITH_EXTERNAL_GROUP_MAPPINGS_SQL, - rowMapper, groupId, origin, externalGroup); + rowMapper, + IdentityZoneHolder.get().getId(), + groupId, + origin, + externalGroup); return u; } catch (EmptyResultDataAccessException e) { throw new ScimResourceNotFoundException("The mapping between groupId " + groupId + " and external group "
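Review bot: in hunk @@ -66,23 +66,36 @@ GET_GROUPS_BY_EXTERNAL_GROUP_MAPPING_SQL filters on `gm.identity_zone_id` while GET_EXTERNAL_GROUP_MAPPINGS_SQL and GET_GROUPS_WITH_EXTERNAL_GROUP_MAPPINGS_SQL filter on `g.identity_zone_id`; the two columns can disagree for mapping rows written before the mapping table carried its own zone column, so use one source of truth (or both predicates) consistently across the three selects. The unchanged context shows ADD_EXTERNAL_GROUP_MAPPING_SQL already writing identity_zone_id on this branch, so the column exists; what the diff does not show is whether older rows were backfilled, and without that the new zone-scoped DELETE_EXTERNAL_GROUP_MAPPING_SQL and DELETE_ALL_MAPPINGS_FOR_GROUP_SQL would skip legacy rows, leaving stale mappings behind when a group is deleted.

Review bot: hunk @@ -254,7 +270,8 @@ scopes unmapAll by zone but still discards the row count returned by jdbcTemplate.update, whereas unmapExternalGroup in hunk @@ -193,9 +206,10 @@ checks `count==1`. With the zone predicate in place, a group id from another zone now deletes nothing and returns normally, which is the intended outcome, but logging the count (at least at debug level) would let operators distinguish "no mappings existed" from "wrong zone" when a deletion appears to have had no effect.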
References
- github.com/advisories/GHSA-9frw-wmvq-5rrc (GitHub Security Advisory)
- nvd.nist.gov/vuln/detail/CVE-2017-8032 (NVD advisory)
- www.cloudfoundry.org/cve-2017-8032/ (vendor advisory, mitigation)
- github.com/cloudfoundry/uaa/commit/2c10c43f04cf31e9f8f496cd218bfc773dfc149 (fix commit)
- github.com/cloudfoundry/uaa/commit/4e4d653edb6b8f68e12b7c415e07e068b1574b8 (fix commit)
- github.com/cloudfoundry/uaa/commit/aa308c463eaec96704198c2686306c9fc42f126e (fix commit)
- github.com/cloudfoundry/uaa/commit/ea8c0ce7740a5d756d9f11964f6a6b4df54cc3b2 (fix commit)
- www.cloudfoundry.org/cve-2017-8032 (vendor advisory)