Low severity3.9NVD Advisory· Published Jul 18, 2024· Updated Apr 15, 2026

CVE-2024-38806

Description

Failure to properly synchronize user's permissions in UAA in Cloud Foundry Foundation v40.17.0 https://github.com/cloudfoundry/cf-deployment/releases/tag/v40.17.0 , potentially resulting in users retaining access rights they should not have. This can allow them to perform operations beyond their intended permissions.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.cloudfoundry.org/blog/cve-2024-38806-uaa-failure-to-remove-shadow-users-accessnvd

News mentions

No linked articles in our index yet.

cvss	0.254
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000