Unrated severity · NVD Advisory · Published Sep 26, 2019 · Updated Sep 16, 2024
Privilege Escalation via Blind SCIM Injection in UAA
CVE-2019-11278
Description
CF UAA versions prior to 74.1.0 allow external input to be used directly in queries. A remote malicious user with 'client.write' and 'groups.update' can craft a SCIM query that leaks information enabling an escalation of privileges, ultimately allowing the malicious user to gain control of UAA scopes they should not have.
Affected products
- Range: <74.1.0
- Cloud Foundry/UAA Release (OSS) v5, Range: prior to 74.1.0
References
- www.cloudfoundry.org/blog/cve-2019-11278 (mitre, x_refsource_CONFIRM)