VYPR
Unrated severityNVD Advisory· Published Dec 13, 2018· Updated Sep 16, 2024

UAA can issue tokens across identity providers if users with matching usernames exist

CVE-2018-15754

Description

Cloud Foundry UAA, versions 60 prior to 66.0, contain an authorization logic error. In environments with multiple identity providers that contain accounts across identity providers with the same username, a remote authenticated user with access to one of these accounts may be able to obtain a token for an account of the same username in the other identity provider.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Cloudfoundry/Uaallm-fuzzy
    Range: >= 60 < 66.0
  • Cloud Foundry/UAA Releasev5
    Range: 60

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.