Unrated severityNVD Advisory· Published Dec 13, 2018· Updated Sep 16, 2024
UAA can issue tokens across identity providers if users with matching usernames exist
CVE-2018-15754
Description
Cloud Foundry UAA, versions 60 prior to 66.0, contain an authorization logic error. In environments with multiple identity providers that contain accounts across identity providers with the same username, a remote authenticated user with access to one of these accounts may be able to obtain a token for an account of the same username in the other identity provider.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: >= 60 < 66.0
- Cloud Foundry/UAA Releasev5Range: 60
Patches
Vulnerability mechanics
References
3- www.securityfocus.com/bid/106240mitrevdb-entryx_refsource_BID
- www.cloudfoundry.org/blog/cve-2018-15754mitrex_refsource_CONFIRM
- www.cloudfoundry.org/blog/cve-2018-15754/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.