Unrated severityNVD Advisory· Published Sep 26, 2019· Updated Sep 17, 2024
Privilege Escalation via Scope Manipulation in UAA
CVE-2019-11279
Description
CF UAA versions prior to 74.1.0 can request scopes for a client that shouldn't be allowed by submitting an array of requested scopes. A remote malicious user can escalate their own privileges to any scope, allowing them to take control of UAA and the resources it controls.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <74.1.0
- Cloud Foundry/UAA Release (OSS)v5Range: prior to 74.1.0
Patches
Vulnerability mechanics
References
1- www.cloudfoundry.org/blog/cve-2019-11279mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.