VYPR
Unrated severity · NVD Advisory · Published Sep 26, 2019 · Updated Sep 17, 2024

Privilege Escalation via Scope Manipulation in UAA

CVE-2019-11279

Description

CF UAA versions prior to 74.1.0 allow scopes to be requested for a client that the client should not be allowed, by submitting an array of requested scopes. A remote malicious user can escalate their own privileges to any scope, allowing them to take control of UAA and the resources it controls.


Affected products

  • Cloudfoundry/Uaa [llm-fuzzy]
    Range: <74.1.0
  • Cloud Foundry/UAA Release (OSS) [v5]
    Range: prior to 74.1.0
