Unrated severity · NVD Advisory · Published Feb 27, 2020 · Updated Sep 16, 2024
UAA fails to check the state parameter when authenticating with external IDPs
CVE-2020-5402
Description
In Cloud Foundry UAA, versions prior to 74.14.0, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function when authenticating with external identity providers.
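The check the description refers to, as an added example (not UAA's code and not part of the advisory): a callback handler that ignores state, next to one that requires it to match the value issued to the same browser session. All function names, the dict-based session and the idp.example URL are assumptions, and the callback parameters are constructed sample data.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

class StateError(Exception):
    """Callback state is missing or does not belong to this session."""

def begin_login(session, authorize_url, client_id):
    """Mint an unguessable state, pin it to the browser session, build the redirect."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state
    query = urlencode({"response_type": "code", "client_id": client_id, "state": state})
    return f"{authorize_url}?{query}"

def callback_unchecked(session, params):
    """Flawed pattern: the code is accepted no matter which session started the flow."""
    return params["code"]

def callback_checked(session, params):
    """Accept the code only when state equals the value issued to this session."""
    expected = session.pop("oauth_state", None)  # single use, consumed even on failure
    received = params.get("state")
    if not expected or not received:
        raise StateError("missing state")
    if not hmac.compare_digest(expected.encode(), received.encode()):
        raise StateError("state mismatch")
    return params["code"]

def run_demo():
    """Run constructed callbacks through both handlers and collect the outcomes."""
    session = {}  # hypothetical stand-in for a server-side session store
    url = begin_login(session, "https://idp.example/authorize", "client-1")
    issued = parse_qs(urlparse(url).query)["state"][0]
    # Constructed callback whose code and state were issued to a different session.
    foreign = {"code": "code-from-other-session", "state": "state-from-other-session"}
    out = {"unchecked": callback_unchecked(dict(session), foreign)}
    for name, sess, params in [
        ("foreign", dict(session), foreign),
        ("no_state", dict(session), {"code": "x"}),
        ("legit", session, {"code": "abc", "state": issued}),
        ("replay", session, {"code": "abc", "state": issued}),
    ]:
        try:
            out[name] = callback_checked(sess, params)
        except StateError as exc:
            out[name] = f"rejected: {exc}"
    return out

if __name__ == "__main__":
    print(run_demo())
```

The replay case is rejected because the stored state is consumed on first use, so a captured callback URL cannot be submitted a second time.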
Affected products
- (no CPE) range: <74.14.0
- (no CPE) range: unspecified
References
- www.cloudfoundry.org/blog/cve-2020-5402 (mitre, x_refsource_CONFIRM)