Unrated severityNVD Advisory· Published Apr 25, 2019· Updated Sep 16, 2024
UAA redirect-uri allows wildcard in the subdomain
CVE-2019-3788
Description
Cloud Foundry UAA Release, versions prior to 71.0, allows clients to be configured with an insecure redirect uri. Given a UAA client was configured with a wildcard in the redirect uri's subdomain, a remote malicious unauthenticated user can craft a phishing link to get a UAA access code from the victim.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Range: <71.0
- Cloud Foundry/UAA Release (OSS)v5Range: All
- Pivotal/Pivotal Application Servicev5Range: 2.5
Patches
Vulnerability mechanics
References
1- www.cloudfoundry.org/blog/cve-2019-3788mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.