Vulnerabilities > CVE-2018-15761 - Unspecified vulnerability in Pivotal Software Cloudfoundry UAA Release

047910
CVSS 8.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
pivotal-software
NVD
Published: 2018-11-19
Updated: 2019-10-09

Summary

Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token with arbitrary scopes that escalates their privileges.

Vulnerable Configurations

Part Description Count
Application
Pivotal_Software
370

References