Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending “unknown.org” to a user's email address when one is not provided and the user name does not contain an @ character. This domain is held by a private company, which leads to attack vectors including password recovery emails sent to a potentially fraudulent address. This would allow the attacker to gain complete control of the user's account.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.cloudfoundry.org/blog/cve-2019-3787 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: dell
Published: 2019-06-19T22:28:07.316424Z
Updated: 2024-09-16T21:57:57.203Z
Reserved: 2019-01-03T00:00:00
Link: CVE-2019-3787
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-06-19T23:15:10.127
Modified: 2024-11-21T04:42:32.550
Link: CVE-2019-3787
Redhat
No data.