Cloud Foundry UAA version prior to 73.3.0, contain endpoints that contains improper escaping. An authenticated malicious user with basic read privileges for one identity zone can extend those reading privileges to all other identity zones and obtain private information on users, clients, and groups in all other identity zones.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: pivotal

Published: 2019-07-11T18:11:36.916271Z

Updated: 2024-09-17T03:13:54.242Z

Reserved: 2019-04-18T00:00:00

Link: CVE-2019-11268

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-07-11T18:15:12.480

Modified: 2024-11-21T04:20:49.243

Link: CVE-2019-11268

cve-icon Redhat

No data.