High severity · NVD Advisory · Published Nov 19, 2018 · Updated Sep 17, 2024
UAA Privilege Escalation
CVE-2018-15761
Description
Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contain a validation error that allows privilege escalation. A remote authenticated user may modify the URL and content of a consent page to gain a token with arbitrary scopes that escalates their privileges.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) | < 4.23.0 | 4.23.0 |
Affected products
- Range: all versions
- Cloud Foundry/UAA Release · v5 · Range: all versions
References
- github.com/advisories/GHSA-292x-hjr8-226f (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2018-15761 (ghsa, ADVISORY)
- github.com/cloudfoundry/uaa/commit/3f0730a015d10166de23b7e036743c185f0576a6 (ghsa, WEB)
- github.com/cloudfoundry/uaa/commit/95b7d9e7fae534a362b98de1df5bf501cd52c481 (ghsa, WEB)
- www.cloudfoundry.org/blog/cve-2018-15761 (ghsa, WEB)
- www.cloudfoundry.org/blog/cve-2018-15761/ (mitre, x_refsource_CONFIRM)