VYPR

Uaa Release

by Cloudfoundry

Source repositories

CVEs (8)

  • CVE-2016-0732HigSep 7, 2017
    risk 0.57cvss 8.8epss 0.01

    The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 through 4, when configured with multiple identity zones; and Elastic Runtime 1.6.0 through 1.6.13 allows remote authenticated users with privileges in one zone…

  • CVE-2017-4963HigJun 13, 2017
    risk 0.53cvss 8.1epss 0.01

    An issue was discovered in Cloud Foundry Foundation Cloud Foundry release v252 and earlier versions, UAA stand-alone release v2.0.0 - v2.7.4.12 & v3.0.0 - v3.11.0, and UAA bosh release v26 & earlier versions. UAA is vulnerable to session fixation when configured to authenticate…

  • CVE-2026-22723MedMar 5, 2026
    risk 0.35cvss 6.5epss 0.00

    Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0.

  • CVE-2016-5016MedApr 24, 2017
    risk 0.31cvss 5.9epss 0.01

    Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier, PCF (aka Pivotal Cloud Foundry) Elastic Runtime 1.6.x before 1.6.35, and PCF Elastic Runtime 1.7.x before 1.7.13 does not validate if a…

  • CVE-2017-8031MedNov 27, 2017
    risk 0.28cvss 5.3epss 0.01

    An issue was discovered in Cloud Foundry Foundation cf-release (all versions prior to v279) and UAA (30.x versions prior to 30.6, 45.x versions prior to 45.4, 52.x versions prior to 52.1). In some cases, the UAA allows an authenticated user for a particular client to revoke…

  • CVE-2019-11293Dec 6, 2019
    risk 0.00cvss epss 0.01

    Cloud Foundry UAA Release, versions prior to v74.10.0, when set to logging level DEBUG, logs client_secret credentials when sent as a query parameter. A remote authenticated malicious user could gain access to user credentials via the uaa.log file if authentication is provided…

  • CVE-2019-11290Nov 25, 2019
    risk 0.00cvss epss 0.01

    Cloud Foundry UAA Release, versions prior to v74.8.0, logs all query parameters to tomcat’s access file. If the query parameters are used to provide authentication, ie. credentials, then they will be logged as well.

  • CVE-2019-3801Apr 25, 2019
    risk 0.00cvss epss 0.01

    Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an insecure protocol to fetch dependencies when building. A remote unauthenticated malicious attacker could hijack the DNS entry for the dependency, and inject malicious code into the…