Vulnerabilities > CVE-2019-11278 - Unspecified vulnerability in Cloudfoundry User Account and Authentication

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

cloudfoundry

NVD

Published: 2019-09-26

Updated: 2020-10-05

Summary

CF UAA versions prior to 74.1.0, allow external input to be directly queried against. A remote malicious user with 'client.write' and 'groups.update' can craft a SCIM query, which leaks information that allows an escalation of privileges, ultimately allowing the malicious user to gain control of UAA scopes they should not have.

Vulnerable Configurations

Part	Description	Count
Application	Cloudfoundry Cloudfoundry User Account AND Authentication - Cloudfoundry User Account AND Authentication 1.0.0 Cloudfoundry User Account AND Authentication 1.0.1 Cloudfoundry User Account AND Authentication 1.0.2 Cloudfoundry User Account AND Authentication 1.0.3 Cloudfoundry User Account AND Authentication 1.1 Cloudfoundry User Account AND Authentication 1.1.1 Cloudfoundry User Account AND Authentication 1.1.2 Cloudfoundry User Account AND Authentication 1.2.0 Cloudfoundry User Account AND Authentication 1.2.1 Cloudfoundry User Account AND Authentication 1.2.2 Cloudfoundry User Account AND Authentication 1.2.3 Cloudfoundry User Account AND Authentication 1.2.4 Cloudfoundry User Account AND Authentication 1.2.5 Cloudfoundry User Account AND Authentication 1.2.6 Cloudfoundry User Account AND Authentication 1.3.0 Cloudfoundry User Account AND Authentication 1.3.1 Cloudfoundry User Account AND Authentication 1.4.0 Cloudfoundry User Account AND Authentication 1.4.1 Cloudfoundry User Account AND Authentication 1.4.2 Cloudfoundry User Account AND Authentication 1.4.3 Cloudfoundry User Account AND Authentication 1.4.4 Cloudfoundry User Account AND Authentication 1.4.5 Cloudfoundry User Account AND Authentication 1.4.6 Cloudfoundry User Account AND Authentication 1.4.7 Cloudfoundry User Account AND Authentication 1.5.0 Cloudfoundry User Account AND Authentication 1.5.1 Cloudfoundry User Account AND Authentication 1.5.2 Cloudfoundry User Account AND Authentication 1.5.2.1 Cloudfoundry User Account AND Authentication 1.5.3 Cloudfoundry User Account AND Authentication 1.5.4 Cloudfoundry User Account AND Authentication 1.5.4.1 Cloudfoundry User Account AND Authentication 1.6.0 Cloudfoundry User Account AND Authentication 1.6.1 Cloudfoundry User Account AND Authentication 1.6.2 Cloudfoundry User Account AND Authentication 1.6.3 Cloudfoundry User Account AND Authentication 1.6.4 Cloudfoundry User Account AND Authentication 1.6.5 Cloudfoundry User Account AND Authentication 1.7.0 Cloudfoundry User Account AND Authentication 1.7.1 Cloudfoundry User Account AND Authentication 1.7.2 Cloudfoundry User Account AND Authentication 1.8.0 Cloudfoundry User Account AND Authentication 1.8.1 Cloudfoundry User Account AND Authentication 1.8.2 Cloudfoundry User Account AND Authentication 1.8.3 Cloudfoundry User Account AND Authentication 1.9.0 Cloudfoundry User Account AND Authentication 1.9.1 Cloudfoundry User Account AND Authentication 1.10 Cloudfoundry User Account AND Authentication 1.11 Cloudfoundry User Account AND Authentication 2.0.0 Cloudfoundry User Account AND Authentication 2.0.1 Cloudfoundry User Account AND Authentication 2.0.2 Cloudfoundry User Account AND Authentication 2.0.3 Cloudfoundry User Account AND Authentication 2.1.0 Cloudfoundry User Account AND Authentication 2.2.0 Cloudfoundry User Account AND Authentication 2.2.1 Cloudfoundry User Account AND Authentication 2.2.2 Cloudfoundry User Account AND Authentication 2.2.3 Cloudfoundry User Account AND Authentication 2.2.4 Cloudfoundry User Account AND Authentication 2.2.4.1 Cloudfoundry User Account AND Authentication 2.2.5 Cloudfoundry User Account AND Authentication 2.2.5.2 Cloudfoundry User Account AND Authentication 2.2.5.3 Cloudfoundry User Account AND Authentication 2.2.5.4 Cloudfoundry User Account AND Authentication 2.2.6 Cloudfoundry User Account AND Authentication 2.3.0 Cloudfoundry User Account AND Authentication 2.3.1 Cloudfoundry User Account AND Authentication 2.3.1.1 Cloudfoundry User Account AND Authentication 2.4.0 Cloudfoundry User Account AND Authentication 2.4.1 Cloudfoundry User Account AND Authentication 2.5.0 Cloudfoundry User Account AND Authentication 2.5.1 Cloudfoundry User Account AND Authentication 2.5.2 Cloudfoundry User Account AND Authentication 2.6.0 Cloudfoundry User Account AND Authentication 2.6.1 Cloudfoundry User Account AND Authentication 2.6.2 Cloudfoundry User Account AND Authentication 2.7.0 Cloudfoundry User Account AND Authentication 2.7.0.1 Cloudfoundry User Account AND Authentication 2.7.0.2 Cloudfoundry User Account AND Authentication 2.7.0.3 Cloudfoundry User Account AND Authentication 2.7.1 Cloudfoundry User Account AND Authentication 2.7.2 Cloudfoundry User Account AND Authentication 2.7.3 Cloudfoundry User Account AND Authentication 2.7.4 Cloudfoundry User Account AND Authentication 2.7.4.1 Cloudfoundry User Account AND Authentication 2.7.4.2 Cloudfoundry User Account AND Authentication 2.7.4.3 Cloudfoundry User Account AND Authentication 2.7.4.4 Cloudfoundry User Account AND Authentication 2.7.4.5 Cloudfoundry User Account AND Authentication 2.7.4.6 Cloudfoundry User Account AND Authentication 2.7.4.7 Cloudfoundry User Account AND Authentication 2.7.4.8 Cloudfoundry User Account AND Authentication 2.7.4.9 Cloudfoundry User Account AND Authentication 2.7.4.10 Cloudfoundry User Account AND Authentication 2.7.4.11 Cloudfoundry User Account AND Authentication 2.7.4.12 Cloudfoundry User Account AND Authentication 2.7.4.13 Cloudfoundry User Account AND Authentication 2.7.4.14 Cloudfoundry User Account AND Authentication 2.7.4.15 Cloudfoundry User Account AND Authentication 2.7.4.16 Cloudfoundry User Account AND Authentication 2.7.4.17 Cloudfoundry User Account AND Authentication 2.7.4.18 Cloudfoundry User Account AND Authentication 3.0.0 Cloudfoundry User Account AND Authentication 3.0.1 Cloudfoundry User Account AND Authentication 3.1.0 Cloudfoundry User Account AND Authentication 3.2.0 Cloudfoundry User Account AND Authentication 3.2.1 Cloudfoundry User Account AND Authentication 3.3.0 Cloudfoundry User Account AND Authentication 3.3.0.1 Cloudfoundry User Account AND Authentication 3.3.0.2 Cloudfoundry User Account AND Authentication 3.3.0.3 Cloudfoundry User Account AND Authentication 3.3.0.4 Cloudfoundry User Account AND Authentication 3.3.0.5 Cloudfoundry User Account AND Authentication 3.3.0.6 Cloudfoundry User Account AND Authentication 3.4.0 Cloudfoundry User Account AND Authentication 3.4.1 Cloudfoundry User Account AND Authentication 3.4.2 Cloudfoundry User Account AND Authentication 3.4.3 Cloudfoundry User Account AND Authentication 3.4.4 Cloudfoundry User Account AND Authentication 3.4.5 Cloudfoundry User Account AND Authentication 3.5.0 Cloudfoundry User Account AND Authentication 3.6.0 Cloudfoundry User Account AND Authentication 3.6.1 Cloudfoundry User Account AND Authentication 3.6.2 Cloudfoundry User Account AND Authentication 3.6.3 Cloudfoundry User Account AND Authentication 3.6.4 Cloudfoundry User Account AND Authentication 3.6.5 Cloudfoundry User Account AND Authentication 3.6.6 Cloudfoundry User Account AND Authentication 3.6.7 Cloudfoundry User Account AND Authentication 3.6.8 Cloudfoundry User Account AND Authentication 3.6.9 Cloudfoundry User Account AND Authentication 3.6.10 Cloudfoundry User Account AND Authentication 3.6.11 Cloudfoundry User Account AND Authentication 3.6.12 Cloudfoundry User Account AND Authentication 3.6.13 Cloudfoundry User Account AND Authentication 3.6.14 Cloudfoundry User Account AND Authentication 3.7.0 Cloudfoundry User Account AND Authentication 3.7.1 Cloudfoundry User Account AND Authentication 3.7.2 Cloudfoundry User Account AND Authentication 3.7.3 Cloudfoundry User Account AND Authentication 3.7.4 Cloudfoundry User Account AND Authentication 3.8.0 Cloudfoundry User Account AND Authentication 3.9.0 Cloudfoundry User Account AND Authentication 3.9.1 Cloudfoundry User Account AND Authentication 3.9.2 Cloudfoundry User Account AND Authentication 3.9.3 Cloudfoundry User Account AND Authentication 3.9.4 Cloudfoundry User Account AND Authentication 3.9.5 Cloudfoundry User Account AND Authentication 3.9.6 Cloudfoundry User Account AND Authentication 3.9.7 Cloudfoundry User Account AND Authentication 3.9.8 Cloudfoundry User Account AND Authentication 3.9.9 Cloudfoundry User Account AND Authentication 3.9.10 Cloudfoundry User Account AND Authentication 3.9.11 Cloudfoundry User Account AND Authentication 3.9.12 Cloudfoundry User Account AND Authentication 3.9.13 Cloudfoundry User Account AND Authentication 3.9.14 Cloudfoundry User Account AND Authentication 3.9.15 Cloudfoundry User Account AND Authentication 3.9.16 Cloudfoundry User Account AND Authentication 3.9.17 Cloudfoundry User Account AND Authentication 3.10.0 Cloudfoundry User Account AND Authentication 3.11.0 Cloudfoundry User Account AND Authentication 3.12.0 Cloudfoundry User Account AND Authentication 3.13.0 Cloudfoundry User Account AND Authentication 3.14.0 Cloudfoundry User Account AND Authentication 3.15.0 Cloudfoundry User Account AND Authentication 3.16.0 Cloudfoundry User Account AND Authentication 3.17.0 Cloudfoundry User Account AND Authentication 3.18.0 Cloudfoundry User Account AND Authentication 3.19.0 Cloudfoundry User Account AND Authentication 3.20.0 Cloudfoundry User Account AND Authentication 3.20.1 Cloudfoundry User Account AND Authentication 3.20.2 Cloudfoundry User Account AND Authentication 3.20.3 Cloudfoundry User Account AND Authentication 4.0.0 Cloudfoundry User Account AND Authentication 4.1.0 Cloudfoundry User Account AND Authentication 4.2.0 Cloudfoundry User Account AND Authentication 4.3.0 Cloudfoundry User Account AND Authentication 4.4.0 Cloudfoundry User Account AND Authentication 4.5.0 Cloudfoundry User Account AND Authentication 4.5.1 Cloudfoundry User Account AND Authentication 4.5.2 Cloudfoundry User Account AND Authentication 4.5.3 Cloudfoundry User Account AND Authentication 4.5.4 Cloudfoundry User Account AND Authentication 4.5.5 Cloudfoundry User Account AND Authentication 4.5.6 Cloudfoundry User Account AND Authentication 4.5.7 Cloudfoundry User Account AND Authentication 4.6.0 Cloudfoundry User Account AND Authentication 4.6.1 Cloudfoundry User Account AND Authentication 4.7.0 Cloudfoundry User Account AND Authentication 4.7.1 Cloudfoundry User Account AND Authentication 4.7.2 Cloudfoundry User Account AND Authentication 4.7.3 Cloudfoundry User Account AND Authentication 4.7.4 Cloudfoundry User Account AND Authentication 4.7.5 Cloudfoundry User Account AND Authentication 4.7.6 Cloudfoundry User Account AND Authentication 4.8.0 Cloudfoundry User Account AND Authentication 4.8.1 Cloudfoundry User Account AND Authentication 4.8.2 Cloudfoundry User Account AND Authentication 4.8.3 Cloudfoundry User Account AND Authentication 4.9.0 Cloudfoundry User Account AND Authentication 4.10.0 Cloudfoundry User Account AND Authentication 4.10.1 Cloudfoundry User Account AND Authentication 4.10.2 Cloudfoundry User Account AND Authentication 4.11.0 Cloudfoundry User Account AND Authentication 4.12.0 Cloudfoundry User Account AND Authentication 4.12.1 Cloudfoundry User Account AND Authentication 4.12.2 Cloudfoundry User Account AND Authentication 4.12.3 Cloudfoundry User Account AND Authentication 4.12.4 Cloudfoundry User Account AND Authentication 4.13.0 Cloudfoundry User Account AND Authentication 4.13.1 Cloudfoundry User Account AND Authentication 4.13.2 Cloudfoundry User Account AND Authentication 4.13.3 Cloudfoundry User Account AND Authentication 4.13.4 Cloudfoundry User Account AND Authentication 4.14.0 Cloudfoundry User Account AND Authentication 4.15.0 Cloudfoundry User Account AND Authentication 4.16.0 Cloudfoundry User Account AND Authentication 4.17.0 Cloudfoundry User Account AND Authentication 4.18.0 Cloudfoundry User Account AND Authentication 4.19.0 Cloudfoundry User Account AND Authentication 4.19.2 Cloudfoundry User Account AND Authentication 4.20.0 Cloudfoundry User Account AND Authentication 4.21.0 Cloudfoundry User Account AND Authentication 4.22.0 Cloudfoundry User Account AND Authentication 4.23.0 Cloudfoundry User Account AND Authentication 4.24.0 Cloudfoundry User Account AND Authentication 4.25.0 Cloudfoundry User Account AND Authentication 4.26.0 Cloudfoundry User Account AND Authentication 4.27.0 Cloudfoundry User Account AND Authentication 4.28.0 Cloudfoundry User Account AND Authentication 4.29.0 Cloudfoundry User Account AND Authentication 4.30.0 Cloudfoundry User Account AND Authentication 4.31.0 Cloudfoundry User Account AND Authentication 4.32.0 Cloudfoundry User Account AND Authentication 4.33.0 Cloudfoundry User Account AND Authentication 4.34.0 Cloudfoundry User Account AND Authentication 4.35.0 Cloudfoundry User Account AND Authentication 73.7.0 Cloudfoundry User Account AND Authentication 74.0.0	240

References

https://www.cloudfoundry.org/blog/cve-2019-11278