Vulnerabilities > Cloudfoundry > User Account AND Authentication > 74.12.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-07-22 | CVE-2021-22001 | Unspecified vulnerability in Cloudfoundry Cf-Deployment In UAA versions prior to 75.3.0, sensitive information like relaying secret of the provider was revealed in response when deletion request of an identity provider( IdP) of type “oauth 1.0” was sent to UAA server. | 5.0 |
2020-02-27 | CVE-2020-5402 | Cross-Site Request Forgery (CSRF) vulnerability in Cloudfoundry Cf-Deployment In Cloud Foundry UAA, versions prior to 74.14.0, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function when authenticating with external identity providers. | 6.8 |