Cloud Foundry Cloud Controller API Release, versions prior to 1.79.0, contains improper authentication when validating user permissions. A remote authenticated malicious user with the ability to create UAA clients and knowledge of the email of a victim in the foundation may escalate their privileges to that of the victim by creating a client with a name equal to the guid of their victim.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: dell
Published: 2019-04-17T13:32:35.609682Z
Updated: 2024-09-17T04:09:11.026Z
Reserved: 2019-01-03T00:00:00
Link: CVE-2019-3798
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-04-17T14:29:03.590
Modified: 2024-11-21T04:42:33.703
Link: CVE-2019-3798
Redhat
No data.