Unrated severity · NVD Advisory · Published Sep 26, 2019 · Updated Sep 16, 2024

Privilege Escalation via Blind SCIM Injection in UAA

CVE-2019-11278

Description

CF UAA versions prior to 74.1.0 allow external input to be directly queried against. A remote malicious user with 'client.write' and 'groups.update' can craft a SCIM query that leaks information and allows an escalation of privileges, ultimately letting the malicious user gain control of UAA scopes they should not have.

Affected products

2
  • Cloudfoundry/Uaa
    Range: <74.1.0
  • Cloud Foundry/UAA Release (OSS)
    Range: prior to 74.1.0
